Setting Up Cloud Security without Infrastructure Monitoring
Set up Cloud Security with your cloud provider
In addition to setting up Cloud Security with or without an Agent, you can also set it up without Infrastructure Monitoring. Doing so disables metric data submission (including Custom Metrics) so that hosts stop showing up in Datadog.
AWS
- Navigate to the AWS Integration configuration page in Datadog.
- On the Configuration tab, select the account you want to enable Cloud Security on.
If you don’t see the required account, add it by clicking Add AWS Account(s) and following the onscreen prompts. - To turn off infrastructure monitoring on the selected account, under the account number, navigate to the Metric Collection tab, then click the disable metric collection link. Then, click Disable Metric Collection to confirm.
- On the Resource Collection tab, click Enable next to Cloud Security. You are redirected to the Cloud Security Setup page, and a setup dialog automatically opens for the selected account.
- On the setup dialog, switch the Enable Resource Scanning toggle to the on position.
- Click Done to complete the setup.
Note: In your Cloud Security settings, set up resource evaluation filters to limit the number of hosts you need security on.
Azure
- Navigate to the Azure Integration configuration page in Datadog.
- Select the client ID or subscription you want to enable Cloud Security on.
If you don’t see the required client ID, add it by clicking Add New App Registration and following the onscreen prompts. - To turn off infrastructure monitoring on the selected account, under the client ID, navigate to the Metric Collection tab, then turn off the Enable Metric Collection toggle.
- On the Resource Collection tab, click Enable next to Cloud Security. You are redirected to the Cloud Security Setup page, which automatically scrolls to the selected Azure subscription in the Cloud Integrations section.
- Switch the Resource Scanning toggle to the on position.
- Click Done to complete the setup.
Note: In your Cloud Security settings, set up resource evaluation filters to limit the number of hosts you need security on.
- Navigate to the Google Cloud Platform configuration page in Datadog.
- Select the service account you want to enable Cloud Security on.
If you don’t see the required account, add it by clicking Add GCP Account and following the onscreen prompts. - To turn off infrastructure monitoring on the selected account, under the account name, navigate to the Metric Collection tab. Then, above the Metric Collection table, click Disable All.
- On the Resource Collection tab, click Enable next to Cloud Security. You are redirected to the Cloud Security Setup page, which automatically scrolls to the selected Google Cloud Platform project in the Cloud Integrations section.
- Switch the Resource Scanning toggle to the on position.
- Click Done to complete the setup.
Note: In your Cloud Security settings, set up resource evaluation filters to limit the number of hosts you need security on.
Set up the Datadog Agent
If you’re using the Datadog Agent, you must run Agent v6.4+.
If you’re using the Docker containerized Agent, add and set the following environment variables to false to the Cloud Security configuration for Agent:
-e DD_ENABLE_PAYLOADS_EVENTS=false \
-e DD_ENABLE_PAYLOADS_SERIES=false \
-e DD_ENABLE_PAYLOADS_SERVICE_CHECKS=false \
-e DD_ENABLE_PAYLOADS_SKETCHES=false \
If you’re deploying the Agent in Kubernetes, make the following changes in your Helm chart in addition to the Cloud Security configuration for Agent:
clusterAgent:
enabled: false
datadog:
[...]
processAgent:
enabled: false
containerCollection: false
[...]
env:
- name: DD_ENABLE_PAYLOADS_EVENTS
value: "false"
- name: DD_ENABLE_PAYLOADS_SERIES
value: "false"
- name: DD_ENABLE_PAYLOADS_SERVICE_CHECKS
value: "false"
- name: DD_ENABLE_PAYLOADS_SKETCHES
value: "false"
