--- title: Lambda functions without X-Ray tracing description: Datadog, the leading service for cloud-scale monitoring. breadcrumbs: >- Docs > Datadog Security > Code Security > Infrastructure as Code (IaC) Security > IaC Security Rules > Lambda functions without X-Ray tracing --- # Lambda functions without X-Ray tracing {% callout %} # Important note for users on the following Datadog sites: app.ddog-gov.com, us2.ddog-gov.com {% alert level="danger" %} This product is not supported for your selected [Datadog site](https://docs.datadoghq.com/getting_started/site.md). ({% placeholder "user-datadog-site-name" /%}). {% /alert %} {% /callout %} ## Metadata{% #metadata %} **Id:** `terraform-aws-lambda-functions-without-x-ray-tracing` **Provider:** AWS **Platform:** Terraform **Severity:** Low **Category:** Observability #### Learn More{% #learn-more %} - [Provider Reference](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function#tracing_config) ### Description{% #description %} AWS Lambda functions should have the `TracingConfig` property set with `mode = "Active"` to enable active tracing, which provides detailed request and performance monitoring through AWS X-Ray. When `tracing_config` is either omitted or configured as `mode = "PassThrough"`, as shown below, tracing data isn't automatically captured for Lambda invocations: ``` tracing_config { mode = "PassThrough" } ``` Without active tracing, teams lose critical visibility into Lambda execution, making it harder to detect and troubleshoot performance issues or security incidents in serverless environments. ## Compliant Code Examples{% #compliant-code-examples %} ```terraform resource "aws_iam_role" "iam_for_lambda" { name = "iam_for_lambda" assume_role_policy = <