--- title: Send AWS Services Logs With The Datadog Lambda Function description: Datadog, the leading service for cloud-scale monitoring. breadcrumbs: >- Docs > Log Management > Logs Guides > Send AWS Services Logs With The Datadog Lambda Function --- # Send AWS Services Logs With The Datadog Lambda Function AWS service logs can be collected with the Datadog Forwarder Lambda function. This Lambda—which triggers on S3 Buckets, CloudWatch log groups, and EventBridge events—forwards logs to Datadog. To start collecting logs from your AWS services: 1. Set up the [Datadog Forwarder Lambda function](https://docs.datadoghq.com/serverless/forwarder/) in your AWS account. 1. Enable logging for your AWS service (most AWS services can log to a S3 bucket or CloudWatch Log Group). 1. Set up the triggers that cause the Forwarder Lambda to execute when there are new logs to be forwarded. There are two ways to configure the triggers. **Notes**: - You can use [AWS PrivateLink](https://docs.datadoghq.com/serverless/forwarder#aws-privatelink-support) to send your logs over a private connection. - CloudFormation creates an IAM policy which includes `KMS:Decrypt` for all resources, and does not align with AWS Security Hub's best practice. This permission is used to decrypt objects from KMS-encrypted S3 buckets to set up the Lambda function, and the KMS key used to encrypt the S3 buckets cannot be predicted. You can safely delete this permission after the installation finishes successfully. ## Enable logging for your AWS service{% #enable-logging-for-your-aws-service %} Any AWS service that generates logs into a S3 bucket or a CloudWatch Log Group is supported. Find setup instructions for the most used services in the table below: | AWS service | Activate AWS service logging | Send AWS logs to Datadog | | -------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | [API Gateway](https://docs.datadoghq.com/integrations/amazon_api_gateway/) | [Enable Amazon API Gateway logs](https://docs.datadoghq.com/integrations/amazon_api_gateway/#log-collection) | [Manual](https://docs.datadoghq.com/integrations/amazon_api_gateway/#send-logs-to-datadog) and automatic log collection. | | [AppSync](https://docs.datadoghq.com/integrations/amazon-appsync/) | [Enable AWS AppSync Logs](https://docs.datadoghq.com/integrations/amazon-appsync/#send-logs-to-datadog) | [Manual](https://docs.datadoghq.com/integrations/amazon-appsync/#send-logs-to-datadog) and automatic log collection. | | Batch | `-` | Automatic log collection. | | [Bedrock Agentcore](https://docs.datadoghq.com/integrations/amazon-iot/) | `-` | Automatic log collection. | | [Cloudfront](https://docs.datadoghq.com/integrations/amazon_cloudfront/) | [Enable Amazon CloudFront logs](https://docs.datadoghq.com/integrations/amazon_cloudfront/#enable-cloudfront-logging) | [Manual](https://docs.datadoghq.com/integrations/amazon_cloudfront/#send-logs-to-datadog) and automatic log collection. | | [CloudTrail](https://docs.datadoghq.com/integrations/amazon_cloudtrail/#enable-cloudtrail-logging) | [Enable AWS CloudTrail logs](https://docs.datadoghq.com/integrations/amazon_cloudtrail/#enable-cloudtrail-logging) | [Manual](https://docs.datadoghq.com/integrations/amazon_cloudtrail/#send-logs-to-datadog) and automatic log collection. See [AWS Configuration for Cloud SIEM](https://docs.datadoghq.com/security/cloud_siem/guide/aws-config-guide-for-cloud-siem/) if you are setting up AWS CloudTrail for Cloud SIEM. | | [CodeBuild](https://docs.datadoghq.com/integrations/amazon-codebuild/) | [Enable AWS CodeBuild logs](https://docs.datadoghq.com/integrations/amazon-codebuild/#send-logs-to-datadog) | [Manual](https://docs.datadoghq.com/integrations/amazon-codebuild/#send-logs-to-datadog) and automatic log collection. | | [DMS](https://docs.datadoghq.com/integrations/amazon-dms/) | [Enable AWS Database Migration Service logs](https://docs.datadoghq.com/integrations/amazon-dms/#send-logs-to-datadog) | [Manual](https://docs.datadoghq.com/integrations/amazon-dms/#send-logs-to-datadog) and automatic log collection. | | [DocumentDB](https://docs.datadoghq.com/integrations/amazon-documentdb/) | [Enable Amazon DocumentDB logs](https://docs.datadoghq.com/integrations/amazon-documentdb/#send-logs-to-datadog) | [Manual](https://docs.datadoghq.com/integrations/amazon-documentdb/#send-logs-to-datadog) and automatic log collection. | | [DynamoDB](https://docs.datadoghq.com/integrations/amazon_dynamodb/#enable-dynamodb-logging) | [Enable Amazon DynamoDB logs](https://docs.datadoghq.com/integrations/amazon_dynamodb/) | [Manual](https://docs.datadoghq.com/integrations/amazon_dynamodb/#send-logs-to-datadog) log collection. | | [EC2](https://docs.datadoghq.com/integrations/amazon_ec2/) | `-` | Use the [Datadog Agent](https://docs.datadoghq.com/integrations/amazon_ec2/) to send your logs to Datadog. | | [ECS](https://docs.datadoghq.com/integrations/amazon_ecs/) | `-` | [Use the Docker Agent to gather your logs](https://docs.datadoghq.com/integrations/amazon_ecs/#log-collection) or automatic log collection. | | [EKS](https://docs.datadoghq.com/integrations/amazon-eks/) | [Enable Amazon EKS logs](https://docs.datadoghq.com/integrations/amazon-eks/#log-collection) | [Manual](https://docs.datadoghq.com/integrations/amazon-eks/#log-collection) and automatic log collection. | | [Elastic Load Balancing (ELB)](https://docs.datadoghq.com/integrations/amazon_elb/) | [Enable Amazon ELB logs](https://docs.datadoghq.com/integrations/amazon_elb/#enable-aws-elb-logging) | [Manual](https://docs.datadoghq.com/integrations/amazon_elb/#manual-installation-steps) and automatic log collection. | | [Glue](https://docs.datadoghq.com/integrations/amazon_glue/) | [Enable AWS Glue logs](https://docs.datadoghq.com/integrations/amazon_glue/#log-collection) | [Manual](https://docs.datadoghq.com/integrations/amazon_glue/#log-collection) and automatic log collection. | | [IoT Core](https://docs.datadoghq.com/integrations/amazon-iot/) | [Enable Amazon IoT Core logs](https://docs.datadoghq.com/integrations/amazon-iot/#enable-logging) | Automatic log collection. | | [Lambda](https://docs.datadoghq.com/integrations/amazon_lambda/) | `-` | [Manual](https://docs.datadoghq.com/integrations/amazon_lambda/#log-collection) and automatic log collection. | | [MWAA](https://docs.datadoghq.com/integrations/amazon_mwaa/) | [Enable Amazon MWAA logs](https://docs.datadoghq.com/integrations/amazon_mwaa/#log-collection) | [Manual](https://docs.datadoghq.com/integrations/amazon_mwaa/#log-collection) and automatic log collection. | | [Network Firewall](https://docs.datadoghq.com/integrations/amazon_network_firewall/) | [Enable AWS Network Firewall logs](https://docs.datadoghq.com/integrations/amazon_network_firewall/#log-collection) | [Manual](https://docs.datadoghq.com/integrations/amazon_network_firewall/#log-collection) and automatic log collection. | | [PCS](https://docs.datadoghq.com/integrations/amazon-iot/#enable-logging) | `-` | Automatic log collection. | | [RDS](https://docs.datadoghq.com/integrations/amazon_rds/) | [Enable Amazon RDS logs](https://docs.datadoghq.com/integrations/amazon_rds/#enable-rds-logging) | [Manual](https://docs.datadoghq.com/integrations/amazon_rds/#send-logs-to-datadog) log collection. | | [RedShift](https://docs.datadoghq.com/integrations/amazon_redshift/) | [Enable Amazon Redshift logs](https://docs.datadoghq.com/integrations/amazon-redshift/#enable-logging) | [Manual](https://docs.datadoghq.com/integrations/amazon-redshift/#log-collection) and automatic log collection. | | Redshift Serverless | `-` | Automatic log collection. | | [Route 53](https://docs.datadoghq.com/integrations/amazon_route53/) | Enable Amazon Route 53 [DNS query logging](https://docs.datadoghq.com/integrations/amazon_route53/#enable-route53-dns-query-logging) and [resolver query logging](https://docs.datadoghq.com/integrations/amazon_route53/#enable-route53-resolver-query-logging) | [Manual](https://docs.datadoghq.com/integrations/amazon_route53/#send-logs-to-datadog) and automatic log collection. | | [S3](https://docs.datadoghq.com/integrations/amazon_s3/) | [Enable Amazon S3 logs](https://docs.datadoghq.com/integrations/amazon_s3/#enable-s3-access-logs) | [Manual](https://docs.datadoghq.com/integrations/amazon_s3/#manual-installation-steps) and automatic log collection. | | [SNS](https://docs.datadoghq.com/integrations/amazon_sns/) | SNS does not provide logs, but you can process logs and events that are transiting through to the SNS Service. | [Manual](https://docs.datadoghq.com/integrations/amazon_sns/#send-logs-to-datadog) log collection. | | SSM | `-` | Automatic log collection. | | [Step Functions](https://docs.datadoghq.com/integrations/amazon_step_functions/) | [Enable Amazon Step Functions logs](https://docs.datadoghq.com/integrations/amazon_step_functions/#log-collection) | [Manual](https://docs.datadoghq.com/integrations/amazon_step_functions/#send-logs-to-datadog) log collection. | | [Verified Access](https://docs.datadoghq.com/integrations/amazon-verified-access/) | [Enable Verified Access logs](https://docs.datadoghq.com/integrations/amazon-verified-access/#enable-verified-access-logs) | [Manual](https://docs.datadoghq.com/integrations/amazon-verified-access/#log-collection) and automatic log collection. | | [VPC](https://docs.datadoghq.com/integrations/amazon_vpc/) | [Enable Amazon VPC logs](https://docs.datadoghq.com/integrations/amazon_vpc/#enable-vpc-flow-log-logging) | [Manual](https://docs.datadoghq.com/integrations/amazon_vpc/#log-collection) and automatic log collection. | | [VPN](https://docs.datadoghq.com/integrations/amazon-vpn/) | [Enable AWS VPN logs](https://docs.datadoghq.com/integrations/amazon-vpn/#enable-logging) | [Manual](https://docs.datadoghq.com/integrations/amazon-vpn/#send-logs-to-datadog) and automatic log collection. | | [Web Application Firewall](https://docs.datadoghq.com/integrations/amazon_waf/) | [Enable AWS WAF logs](https://docs.datadoghq.com/integrations/amazon_waf/#log-collection) | [Manual](https://docs.datadoghq.com/integrations/amazon_waf/#send-logs-to-datadog) and automatic log collection. | ## Set up triggers{% #set-up-triggers %} There are two options when configuring triggers on the Datadog Forwarder Lambda function: - Automatically: Datadog automatically retrieves the log locations for the selected AWS services and adds them as triggers on the Datadog Forwarder Lambda function. Datadog also keeps the list up to date. - Manually: Set up each trigger yourself. ### Automatically set up triggers{% #automatically-set-up-triggers %} Datadog can automatically configure triggers on the Datadog Forwarder Lambda function to collect AWS logs. However, automatic subscription does not support creating triggers across different AWS accounts or regions. For scenarios where logs are published to S3 buckets in a separate account, we recommend manually creating a trigger in the same account as the bucket to work around this limitation. The following sources and locations are supported: | Source | Location | | --------------------------- | -------------- | | Apache Airflow (MWAA) | CloudWatch | | API Gateway Access Logs | CloudWatch | | API Gateway Execution Logs | CloudWatch | | Application ELB Access Logs | S3 | | AppSync Logs | CloudWatch | | Batch | CloudWatch | | Bedrock Agentcore Logs | S3, CloudWatch | | Classic ELB Access Logs | S3 | | CloudFront Access Logs | S3 | | Cloudtrail Logs | S3, CloudWatch | | CodeBuild Logs | S3, CloudWatch | | DMS Logs | CloudWatch | | DocumentDB Logs | CloudWatch | | ECS Logs | CloudWatch | | EKS Control Plane Logs | CloudWatch | | EKS Container Insights Logs | CloudWatch | | Glue Jobs Logs | CloudWatch | | Lambda Logs | CloudWatch | | Lambda@Edge Logs | Cloudwatch | | IoT Core Logs | CloudWatch | | Network Firewall Logs | S3, CloudWatch | | PCS Logs | CloudWatch | | Redshift Logs | S3, Cloudwatch | | Redshift Serverless Logs | CloudWatch | | RDS Logs | CloudWatch | | Route53 DNS Query Logs | CloudWatch | | Route53 Resolver query Logs | S3, CloudWatch | | S3 Access Logs | S3 | | SSM Command Logs | CloudWatch | | Step Functions | CloudWatch | | Verified Access Logs | S3, CloudWatch | | VPC Flow Logs | S3, CloudWatch | | VPN Logs | CloudWatch | | Web Application Firewall | S3, CloudWatch | **Note**: [Subscription filters](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/SubscriptionFilters) are automatically created on CloudWatch log groups by the DatadogForwarder, and are named in the format `DD_LOG_SUBSCRIPTION_FILTER_`. 1. If you haven't already, set up the [Datadog log collection AWS Lambda function](https://docs.datadoghq.com/serverless/forwarder/). 1. Ensure the policy of the IAM role used for [Datadog-AWS integration](https://docs.datadoghq.com/integrations/amazon_web_services/) has the following permissions. Information on how these permissions are used can be found in the descriptions below: ```text "airflow:GetEnvironment", "airflow:ListEnvironments", "appsync:ListGraphqlApis", "batch:DescribeJobDefinitions", "cloudfront:GetDistributionConfig", "cloudfront:ListDistributions", "cloudtrail:GetTrail", "cloudtrail:ListTrails", "codebuild:BatchGetProjects", "codebuild:ListProjects", "dms:DescribeReplicationInstances", "ec2:DescribeFlowLogs", "ec2:DescribeVerifiedAccessInstanceLoggingConfigurations", "ec2:DescribeVpnConnections", "ecs:DescribeTaskDefinition", "ecs:ListTaskDefinitionFamilies", "eks:DescribeCluster", "eks:ListClusters", "elasticloadbalancing:DescribeLoadBalancerAttributes", "elasticloadbalancing:DescribeLoadBalancers", "glue:BatchGetJobs", "glue:GetJobs", "glue:GetJob", "glue:ListJobs", "iot:GetV2LoggingOptions", "lambda:GetPolicy", "lambda:InvokeFunction", "lambda:List*", "logs:DeleteSubscriptionFilter", "logs:DescribeDeliveries", "logs:DescribeDeliverySources", "logs:DescribeLogGroups", "logs:DescribeSubscriptionFilters", "logs:GetDeliveryDestination", "logs:PutSubscriptionFilter", "network-firewall:DescribeLoggingConfiguration", "network-firewall:ListFirewalls", "rds:DescribeDBClusters", "rds:DescribeDBInstances", "redshift-serverless:ListNamespaces", "redshift:DescribeClusters", "redshift:DescribeLoggingStatus", "route53:ListQueryLoggingConfigs", "route53resolver:ListResolverQueryLogConfigs", "s3:GetBucketLocation", "s3:GetBucketLogging", "s3:GetBucketNotification", "s3:ListAllMyBuckets", "s3:PutBucketNotification", "ssm:GetServiceSetting", "ssm:ListCommands", "states:DescribeStateMachine", "states:ListStateMachines", "wafv2:ListLoggingConfigurations" ``` | AWS Permission | Description | | --------------------------------------------------------- | ---------------------------------------------------------------- | | `airflow:ListEnvironments` | List all MWAA environment names. | | `airflow:GetEnvironment` | Get information about a MWAA environment. | | `appsync:ListGraphqlApis` | List all GraphQL Apis. | | `batch:DescribeJobDefinitions` | List all Batch job definitions. | | `cloudfront:GetDistributionConfig` | Get the name of the S3 bucket containing CloudFront access logs. | | `cloudfront:ListDistributions` | List all CloudFront distributions. | | `cloudtrail:GetTrail` | Get Trail logging information. | | `cloudtrail:ListTrails` | List all Cloudtrail trails. | | `codebuild:BatchGetProjects` | List all CodeBuild projects. | | `codebuild:ListProjects` | Get information on CodeBuild projects. | | `dms:DescribeReplicationInstances` | List all replication instances for DMS. | | `ec2:DescribeFlowLogs` | List all Flow log configurations. | | `ec2:DescribeVerifiedAccessInstanceLoggingConfigurations` | List all Verified Access instance logging configurations. | | `ec2:DescribeVpnConnections` | List all VPN connections. | | `ecs:DescribeTaskDefinition` | Describe ECS task definition. | | `ecs:ListTaskDefinitionFamilies` | List all task definition families. | | `elasticloadbalancing:``DescribeLoadBalancers` | List all load balancers. | | `elasticloadbalancing:``DescribeLoadBalancerAttributes` | Get the name of the S3 bucket containing ELB access logs. | | `glue:BatchGetJobs` | Get information about multiple Glue jobs. | | `glue:GetJob` | Get information about a Glue job. | | `glue:GetJobs` | List all Glue jobs. | | `glue:ListJobs` | List all Glue job names. | | `eks:DescribeCluster` | Describe an EKS cluster. | | `eks:ListClusters` | List all EKS clusters. | | `iot:GetV2LoggingOptions` | Get IoT V2 logging options. | | `lambda:InvokeFunction` | Invoke a Lambda function. | | `lambda:List*` | List all Lambda functions. | | `lambda:GetPolicy` | Get the Lambda policy when triggers are to be removed. | | `logs:PutSubscriptionFilter` | Add a Lambda trigger based on CloudWatch Log events. | | `logs:DeleteSubscriptionFilter` | Remove a Lambda trigger based on CloudWatch Log events. | | `logs:DescribeLogGroups` | Describe CloudWatch log groups. | | `logs:DescribeDeliveries` | Describe CloudWatch log deliveries. | | `logs:DescribeDeliverySources` | Describe CloudWatch log delivery sources. | | `logs:DescribeSubscriptionFilters` | List the subscription filters for the specified log group. | | `logs:GetDeliveryDestination` | Get a CloudWatch log delivery destination. | | `network-firewall:DescribeLoggingConfiguration` | Get the logging configuration of a firewall. | | `network-firewall:ListFirewalls` | List all Network Firewall firewalls. | | `rds:DescribeDBClusters` | List all RDS clusters. | | `rds:DescribeDBInstances` | List all RDS instances. | | `redshift:DescribeClusters` | List all Redshift clusters. | | `redshift:DescribeLoggingStatus` | Get the name of the S3 bucket containing Redshift Logs. | | `redshift-serverless:ListNamespaces` | List all Redshift Serverless namespaces. | | `route53:ListQueryLoggingConfigs` | List all DNS query logging configurations for Route 53. | | `route53resolver:ListResolverQueryLogConfigs` | List all Resolver query logging configurations for Route 53. | | `s3:GetBucketLogging` | Get the name of the S3 bucket containing S3 access logs. | | `s3:GetBucketLocation` | Get the region of the S3 bucket containing S3 access logs. | | `s3:GetBucketNotification` | Get existing Lambda trigger configurations. | | `s3:ListAllMyBuckets` | List all S3 buckets. | | `s3:PutBucketNotification` | Add or remove a Lambda trigger based on S3 bucket events. | | `ssm:GetServiceSetting` | Get the SSM service setting for customer script log group name. | | `ssm:ListCommands` | List all SSM commands. | | `states:ListStateMachines` | List all Step Functions. | | `states:DescribeStateMachine` | Get logging details about a Step Function. | | `wafv2:ListLoggingConfigurations` | List all logging configurations of the Web Application Firewall. | 1. In the [AWS Integration page](https://app.datadoghq.com/integrations/amazon-web-services), select the AWS Account to collect logs from and click on the **Log Collection** tab. 1. In the **Datadog Forwarder Lambda** section, enter the ARN of the Lambda created in the previous section and click **Add**. The Lambda function appears in the table below with its name, version, and region. 1. In the **Log Autosubscription** section, under **Log Sources**, enable the services from which you'd like to collect logs by toggling them on. To stop collecting logs from a particular service, toggle the log source off. 1. (Optional) In the **Log Source Tag Filters** section, you can filter log collection by resource tags for each log source. Select a log source from the dropdown menu and add tags in `key:value` format to limit which resources' logs are collected. **Note**: Resource tags are automatically lowercased to match Datadog platform conventions. Define your tag filters in lowercase to avoid mismatches. 1. If you have logs across multiple regions, you must create additional Lambda functions in those regions and add them in the **Datadog Forwarder Lambda** section. 1. To stop collecting all AWS logs from a specific Lambda function, hover over the Lambda in the table and click the delete icon. All triggers for that function are removed. 1. Within a few minutes of this initial setup, your AWS Logs appear in the Datadog [Log Explorer](https://app.datadoghq.com/logs). ### Manually set up triggers{% #manually-set-up-triggers %} #### Collecting logs from CloudWatch log group{% #collecting-logs-from-cloudwatch-log-group %} If you are collecting logs from a CloudWatch log group, configure the trigger to the [Datadog Forwarder Lambda function](https://docs.datadoghq.com/serverless/forwarder/) using one of the following methods: {% tab title="AWS console" %} 1. In the AWS console, go to **Lambda**. 1. Click **Functions** and select the Datadog Forwarder. 1. Click **Add trigger** and select **CloudWatch Logs**. 1. Select the log group from the dropdown menu. 1. Enter a name for your filter, and optionally specify a filter pattern. 1. Click **Add**. 1. Go to the [Datadog Log section](https://app.datadoghq.com/logs) to explore any new log events sent to your log group. {% /tab %} {% tab title="Terraform" %} For Terraform users, you can provision and manage your triggers using the [aws_cloudwatch_log_subscription_filter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_subscription_filter) resource. See sample code below. ``` data "aws_cloudwatch_log_group" "some_log_group" { name = "/some/log/group" } resource "aws_lambda_permission" "lambda_permission" { action = "lambda:InvokeFunction" function_name = "datadog-forwarder" # this is the default but may be different in your case principal = "logs.amazonaws.com" # or logs.amazonaws.com.cn for China* source_arn = data.aws_cloudwatch_log_group.some_log_group.arn } resource "aws_cloudwatch_log_subscription_filter" "datadog_log_subscription_filter" { name = "datadog_log_subscription_filter" log_group_name = # for example, /some/log/group destination_arn = # for example, arn:aws:lambda:us-east-1:123:function:datadog-forwarder filter_pattern = "" } ``` \* *All use of Datadog Services in (or in connection with environments within) mainland China is subject to the disclaimer published in the [Restricted Service Locations](https://www.datadoghq.com/legal/restricted-service-locations/) section on our website.* {% /tab %} {% tab title="CloudFormation" %} For AWS CloudFormation users, you can provision and manage your triggers using the CloudFormation [AWS::Logs::SubscriptionFilter](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-subscriptionfilter.html) resource. See sample code below. The sample code also work for AWS [SAM](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/what-is-sam.html) and [Serverless Framework](https://www.serverless.com/). For Serverless Framework, put the code under the [resources](https://www.serverless.com/framework/docs/providers/aws/guide/resources/) section within your `serverless.yml`. ```yaml Resources: MyLogSubscriptionFilter: Type: "AWS::Logs::SubscriptionFilter" Properties: DestinationArn: "" LogGroupName: "" FilterPattern: "" ``` {% /tab %} #### Collecting logs from S3 buckets{% #collecting-logs-from-s3-buckets %} If you are collecting logs from an S3 bucket, configure the trigger to the [Datadog Forwarder Lambda function](https://docs.datadoghq.com/serverless/forwarder/) using one of the following methods: {% tab title="AWS Console" %} 1. Once the Lambda function is installed, manually add a trigger on the S3 bucket that contains your logs in the AWS console: {% image source="https://datadog-docs.imgix.net/images/logs/aws/adding_trigger.bf800f54049690ef4d358361e887e221.png?auto=format" alt="Adding trigger" /%} 1. Select the bucket and then follow the AWS instructions: {% image source="https://datadog-docs.imgix.net/images/logs/aws/integration_lambda.facd5ed4e39ceb4ac342317606e8fa7c.png?auto=format" alt="Integration Lambda" /%} 1. Set the correct event type on S3 buckets: {% image source="https://datadog-docs.imgix.net/images/logs/aws/object_created.050320f60595af799e53dfbfbe5ecf1e.png?auto=format" alt="Object Created" /%} Once done, go into your [Datadog Log section](https://app.datadoghq.com/logs) to start exploring your logs! {% /tab %} {% tab title="Terraform" %} For Terraform users, you can provision and manage your triggers using the [aws_s3_bucket_notification](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_notification) resource. See the sample code below. ``` resource "aws_s3_bucket_notification" "my_bucket_notification" { bucket = my_bucket lambda_function { lambda_function_arn = "" events = ["s3:ObjectCreated:*"] filter_prefix = "AWSLogs/" filter_suffix = ".log" } } ``` {% /tab %} {% tab title="CloudFormation" %} For CloudFormation users, you can configure triggers using the CloudFormation [NotificationConfiguration](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-notificationconfig.html) for your S3 bucket. See the sample code below. ```yaml Resources: Bucket: Type: AWS::S3::Bucket Properties: BucketName: "" NotificationConfiguration: LambdaConfigurations: - Event: 's3:ObjectCreated:*' Function: "" ``` {% /tab %} ## Scrubbing and filtering{% #scrubbing-and-filtering %} You can scrub emails or IP address from logs sent by the Lambda function, or define a custom scrubbing rule [in the Lambda parameters](https://github.com/DataDog/datadog-serverless-functions/tree/master/aws/logs_monitoring#log-scrubbing-optional). You can also exclude or send only those logs that match a specific pattern by using the [filtering option](https://github.com/DataDog/datadog-serverless-functions/tree/master/aws/logs_monitoring#log-filtering-optional). ## Further reading{% #further-reading %} - [Learn how to explore your logs](https://docs.datadoghq.com/logs/explorer/) - [Perform Log Analytics](https://docs.datadoghq.com/logs/explorer/#visualize) - [Learn how to process your logs](https://docs.datadoghq.com/logs/log_configuration/processors) - [How to send logs to Datadog while reducing data transfer fees](https://docs.datadoghq.com/logs/guide/reduce_data_transfer_fees)