Set up the Datadog AWS integration

If you haven’t already, set up the Amazon Web Services integration. You must also add the required permissions for resource collection.

Enable CSM for your AWS accounts

Use one of the following methods to enable CSM for your AWS accounts:

CSM Setup page

1. On the Cloud Security Management Setup page, click Cloud accounts.
2. Expand the AWS section.
3. To enable resource collection for an account, click the Resource Scanning toggle.
4. To create a filter that excludes certain resources from being evaluated by CSM, click the Plus (+) icon under Resource Evaluation Filters (Optional). For more information, see Use Filters to Exclude Resources from Evaluation.
5. Click Done.

Amazon Web Services integration page

1. On the Amazon Web Services Integration page, select an AWS account.
2. On the Resource Collection tab, select the Cloud Security Posture Management Collection checkbox.
3. Click Save.

Set up the Datadog Azure integration

If you haven’t already, set up the Microsoft Azure integration.

Note: To access the full set of Azure compliance rules for CSM Misconfigurations, you must enable the Application.Read.All, Directory.Read.All, Group.Read.All, Policy.Read.All, and User.Read.All permissions for the Microsoft Graph API.

Enable CSM for your Azure subscriptions

Use one of the following methods to enable CSM for your Azure subscriptions:

CSM Setup page

1. On the Cloud Security Management Setup page, click Cloud accounts.
2. Expand the Azure section.
3. To enable resource collection for a subscription, click the Resource Scanning toggle.
4. To create a filter that excludes certain resources from being evaluated by CSM, click the Plus (+) icon under Resource Evaluation Filters (Optional). For more information, see Use Filters to Exclude Resources from Evaluation.
5. Click Done.

Azure integration page

1. On the Azure Integration page, select an Azure app registration.
2. Under Resource Collection, select the Collect resources for Cloud Security Posture Management checkbox.
3. Click Submit Changes.

Set up the Datadog Google Cloud Platform integration

The Datadog Google Cloud Platform integration uses service accounts to create an API connection between Google Cloud and Datadog. To enable metric collection, create a service account, and then provide Datadog with the service account credentials to begin making API calls on your behalf. For step-by-step instructions, see Create your Google Cloud service account.

Note: Google Cloud billing, the Cloud Monitoring API, the Compute Engine API, and the Cloud Asset API must all be enabled for the projects you wish to monitor.

Datadog

1. In Datadog, navigate to the Google Cloud Platform Integration page.
2. On the Configuration tab, locate the service account and select Upload Private Key File to integrate the project with Datadog.
3. Upload the JSON file, then click Update Configuration.
4. To monitor multiple projects, use one of the following methods:
   • Repeat the process above to use multiple service accounts.
   • Use the same service account by updating the project_id in the downloaded JSON file. Then, upload the file to Datadog as described in steps 1-3.

Enable CSM for your Google Cloud projects

Use one of the following methods to enable CSM for your Google Cloud projects:

CSM Setup page

1. On the Cloud Security Management Setup page, click Cloud accounts.
2. Expand the GCP section.
3. To enable resource collection for a project, click the Resource Scanning toggle.
4. To create a filter that excludes certain resources from being evaluated by CSM, click the Plus (+) icon under Resource Evaluation Filters (Optional). For more information, see Use Filters to Exclude Resources from Evaluation.
5. Click Done.

Google Cloud Platform integration page

1. On the Google Cloud Platform Integration page, select a Google Cloud project.
2. Under Resource Collection, select the Enable Cloud Security Posture Management checkbox.
3. Click Save.