ASM support for AWS Lambda is in beta. Threat detection is done by using the Datadog's lambda extension.

Don't see your desired technology listed here? Datadog is continually adding additional support. Fill out this short form to send details.

Language and framework compatibility

Supported cloud environments

  • AWS Lambda (beta)

Version dependencies

  • Lambda Extension version: 39
  • Serverless plugin version: 5.20.0

Supported languages and their requirements

Node.js
If you are bundling using webpack or esbuild, follow the specific bundler instructions.
Python
Java
To fully instrument your serverless application with distributed tracing, your Java Lambda functions must use the Java 8 Corretto (java8.al2), Java 11 (java11) or Java 17 (java17) runtimes with at least 1024MB of memory.
If you use the Datadog Lambda layers dd-trace-java:4 (or older) and Datadog-Extension:24 (or older), follow the instructions in Upgrade Instrumentation for Java Lambda Functions.
Go
.NET

ASM capabilities

The following ASM capabilities are not supported for Lambda functions:

  • ASM Risk Management
  • IP, user, and suspicious request blocking
  • 1-Click enabling ASM

ASM capabilities support

The following ASM capabilities are supported for serverless, for the specified Datadog Lambda extension version:

ASM capabilityMinimum extension version
Threat Detection
–> Business logic API
Supported for Node.js, Java, Python, Go, and .NET with Lambda Extension version 39 and Serverless plugin version 5.20.0.
–> Business logic capabilities follow the language-specific versions in which the service is built.
Threat Protection
–> IP blocking
–> Suspicious request blocking
–> User blocking
not supported


Vulnerability Management
–> Open source vulnerability detection
–> Custom code vulnerability detection
not supported
If you would like to see support added for any of the unsupported capabilities, let us know! Fill out this short form to send details.

Supported trigger types

ASM Threat Detection supports HTTP requests as function input only. These typically come from AWS services such as:

  • Application Load Balancer (ALB)
  • API Gateway v1 (Rest API)
  • API Gateway v2 (HTTP API)
  • Function URL