The Datadog CLI modifies existing Lambda functions’ configurations to enable instrumentation without requiring a new deployment. It is the quickest way to get started with Datadog’s serverless monitoring.
Install the Datadog CLI client
npm install -g @datadog/datadog-ci
If you are new to Datadog serverless monitoring, launch the Datadog CLI in interactive mode to guide your first installation for a quick start, and you can ignore the remaining steps. To permanently install Datadog for your production applications, skip this step and follow the remaining ones to run the Datadog CLI command in your CI/CD pipelines after your normal deployment.
datadog-ci lambda instrument -i
Configure the AWS credentials
The Datadog CLI requires access to the AWS Lambda service and depends on the AWS JavaScript SDK to resolve the credentials. Ensure your AWS credentials are configured using the same method you would use when invoking the AWS CLI.
Configure the Datadog site
export DATADOG_SITE="<DATADOG_SITE>"
Replace <DATADOG_SITE>
with
(ensure the correct SITE is selected on the right).
Configure the Datadog API key
Datadog recommends saving the Datadog API key in AWS Secrets Manager for security and easy rotation. The key needs to be stored as a plaintext string (not a JSON blob). Ensure your Lambda functions have the required secretsmanager:GetSecretValue
IAM permission.
export DATADOG_API_KEY_SECRET_ARN="<DATADOG_API_KEY_SECRET_ARN>"
For quick testing purposes, you can also set the Datadog API key in plaintext:
export DATADOG_API_KEY="<DATADOG_API_KEY>"
Instrument your Lambda functions
Note: Instrument your Lambda functions in a dev or staging environment first! Should the instrumentation result be unsatisfactory, run uninstrument
with the same arguments to revert the changes.
To instrument your Lambda functions, run the following command.
datadog-ci lambda instrument -f <functionname> -f <another_functionname> -r <aws_region> -v 16 -e 65
To fill in the placeholders:
- Replace
<functionname>
and <another_functionname>
with your Lambda function names. Alternatively, you can use --functions-regex
to automatically instrument multiple functions whose names match the given regular expression. - Replace
<aws_region>
with the AWS region name.
Additional parameters can be found in the CLI documentation.
The Datadog Serverless Plugin automatically configures your functions to send metrics, traces, and logs to Datadog through the Datadog Lambda Extension.
To install and configure the Datadog Serverless Plugin, follow these steps:
Install the Datadog Serverless Plugin:
serverless plugin install --name serverless-plugin-datadog
Update your serverless.yml
:
custom:
datadog:
site: <DATADOG_SITE>
apiKeySecretArn: <DATADOG_API_KEY_SECRET_ARN>
To fill in the placeholders:
- Replace
<DATADOG_SITE>
with
(ensure the correct SITE is selected on the right). - Replace
<DATADOG_API_KEY_SECRET_ARN>
with the ARN of the AWS secret where your Datadog API key is securely stored. The key needs to be stored as a plaintext string (not a JSON blob). The secretsmanager:GetSecretValue
permission is required. For quick testing, you can instead use apiKey
and set the Datadog API key in plaintext.
For more information and additional settings, see the plugin documentation.
The Datadog CloudFormation macro automatically transforms your SAM application template to install Datadog on your functions using Lambda layers, and configures your functions to send metrics, traces, and logs to Datadog through the Datadog Lambda Extension.
Install the Datadog CloudFormation macro
Run the following command with your AWS credentials to deploy a CloudFormation stack that installs the macro AWS resource. You only need to install the macro once for a given region in your account. Replace create-stack
with update-stack
to update the macro to the latest version.
aws cloudformation create-stack \
--stack-name datadog-serverless-macro \
--template-url https://datadog-cloudformation-template.s3.amazonaws.com/aws/serverless-macro/latest.yml \
--capabilities CAPABILITY_AUTO_EXPAND CAPABILITY_IAM
The macro is now deployed and ready to use.
Instrument your Lambda functions
Add the DatadogServerless
transform after the AWS::Serverless
transform under the Transform
section in your template.yml
file for SAM.
Transform:
- AWS::Serverless-2016-10-31
- Name: DatadogServerless
Parameters:
stackName: !Ref "AWS::StackName"
dotnetLayerVersion: 16
extensionLayerVersion: 65
site: "<DATADOG_SITE>"
apiKeySecretArn: "<DATADOG_API_KEY_SECRET_ARN>"
To fill in the placeholders:
- Replace
<DATADOG_SITE>
with
(ensure the correct SITE is selected on the right). - Replace
<DATADOG_API_KEY_SECRET_ARN>
with the ARN of the AWS secret where your Datadog API key is securely stored. The key needs to be stored as a plaintext string (not a JSON blob). The secretsmanager:GetSecretValue
permission is required. For quick testing, you can use apiKey
instead and set the Datadog API key in plaintext.
More information and additional parameters can be found in the macro documentation.
Install the Datadog Lambda Extension
COPY --from=public.ecr.aws/datadog/lambda-extension:<TAG> /opt/. /opt/
Replace <TAG>
with either a specific version number (for example, 65
) or with latest
. Alpine is also supported with specific version numbers (such as 65-alpine
) or with latest-alpine
. You can see a complete list of possible tags in the Amazon ECR repository.
Install the Datadog .NET APM client
RUN yum -y install tar wget gzip
RUN wget https://github.com/DataDog/dd-trace-dotnet/releases/download/v<TRACER_VERSION>/datadog-dotnet-apm-<TRACER_VERSION>.tar.gz
RUN mkdir /opt/datadog
RUN tar -C /opt/datadog -xzf datadog-dotnet-apm-<TRACER_VERSION>.tar.gz
ENV AWS_LAMBDA_EXEC_WRAPPER /opt/datadog_wrapper
Replace <TRACER_VERSION>
with the version number of dd-trace-dotnet
you would like to use (for example, 2.3.0
). The minimum supported version is 2.3.0
. You can see the latest versions of dd-trace-dotnet
in GitHub.
Set the required environment variables
- Set the environment variable
DD_SITE
to
(ensure the correct SITE is selected on the right). - Set the environment variable
DD_API_KEY_SECRET_ARN
with the ARN of the AWS secret where your Datadog API key is securely stored. The key needs to be stored as a plaintext string (not a JSON blob). The secretsmanager:GetSecretValue
permission is required. For quick testing, you can use DD_API_KEY
instead and set the Datadog API key in plaintext.
The lambda-datadog
Terraform module wraps the aws_lambda_function
resource and automatically configures your Lambda function for Datadog Serverless Monitoring by:
- Adding the Datadog Lambda layers
- Redirecting the Lambda handler
- Enabling the collection and sending of metrics, traces, and logs to Datadog
module "lambda-datadog" {
source = "DataDog/lambda-datadog/aws"
version = "1.5.0"
environment_variables = {
"DD_API_KEY_SECRET_ARN" : "<DATADOG_API_KEY_SECRET_ARN>"
"DD_ENV" : "<ENVIRONMENT>"
"DD_SERVICE" : "<SERVICE_NAME>"
"DD_SITE": "<DATADOG_SITE>"
"DD_VERSION" : "<VERSION>"
}
datadog_extension_layer_version = 65
datadog_dotnet_layer_version = 16
# aws_lambda_function arguments
}
Replace the aws_lambda_function
resource with the lambda-datadog
Terraform module then specify the source
and version
of the module.
Set the aws_lambda_function
arguments:
All of the arguments available in the aws_lambda_function
resource are available in this Terraform module. Arguments defined as blocks in the aws_lambda_function
resource are redefined as variables with their nested arguments.
For example, in aws_lambda_function
, environment
is defined as a block with a variables
argument. In the lambda-datadog
Terraform module, the value for the environment_variables
is passed to the environment.variables
argument in aws_lambda_function
. See inputs for a complete list of variables in this module.
Fill in the environment variable placeholders:
- Replace
<DATADOG_API_KEY_SECRET_ARN>
with the ARN of the AWS secret where your Datadog API key is securely stored. The key needs to be stored as a plaintext string (not a JSON blob). The secretsmanager:GetSecretValue
permission is required. For quick testing, you can instead use the environment variable DD_API_KEY
and set your Datadog API key in plaintext. - Replace
<ENVIRONMENT>
with the Lambda function’s environment, such as prod
or staging
- Replace
<SERVICE_NAME>
with the name of the Lambda function’s service - Replace
<DATADOG_SITE>
with
. (Ensure the correct Datadog site is selected on this page). - Replace
<VERSION>
with the version number of the Lambda function
Select the versions of the Datadog Extension Lambda layer and Datadog .NET Lambda layer to use. Defaults to the latest layer versions.
datadog_extension_layer_version = 65
datadog_dotnet_layer_version = 16
Install the Datadog Tracer
Configure the layers for your Lambda function using the ARN in the following format:
# Use this format for x86-based Lambda deployed in AWS commercial regions
arn:aws:lambda:<AWS_REGION>:464622532012:layer:dd-trace-dotnet:16
# Use this format for arm64-based Lambda deployed in AWS commercial regions
arn:aws:lambda:<AWS_REGION>:464622532012:layer:dd-trace-dotnet-ARM:16
# Use this format for x86-based Lambda deployed in AWS GovCloud regions
arn:aws-us-gov:lambda:<AWS_REGION>:002406178527:layer:dd-trace-dotnet:16
# Use this format for arm64-based Lambda deployed in AWS GovCloud regions
arn:aws-us-gov:lambda:<AWS_REGION>:002406178527:layer:dd-trace-dotnet-ARM:16
Replace <AWS_REGION>
with a valid AWS region, such as us-east-1
.
Install the Datadog Lambda Extension
Configure the layers for your Lambda function using the ARN in the following format:
# Use this format for x86-based Lambda deployed in AWS commercial regions
arn:aws:lambda:<AWS_REGION>:464622532012:layer:Datadog-Extension:65
# Use this format for arm64-based Lambda deployed in AWS commercial regions
arn:aws:lambda:<AWS_REGION>:464622532012:layer:Datadog-Extension-ARM:65
# Use this format for x86-based Lambda deployed in AWS GovCloud regions
arn:aws-us-gov:lambda:<AWS_REGION>:002406178527:layer:Datadog-Extension:65
# Use this format for arm64-based Lambda deployed in AWS GovCloud regions
arn:aws-us-gov:lambda:<AWS_REGION>:002406178527:layer:Datadog-Extension-ARM:65
Replace <AWS_REGION>
with a valid AWS region, such as us-east-1
.
Set the required environment variables
- Set
AWS_LAMBDA_EXEC_WRAPPER
to /opt/datadog_wrapper
. - Set
DD_SITE
to
(ensure the correct SITE is selected on the right). - Set
DD_API_KEY_SECRET_ARN
to the ARN of the AWS secret where your Datadog API key is securely stored. The key needs to be stored as a plaintext string (not a JSON blob). The secretsmanager:GetSecretValue
permission is required. For quick testing, you can use DD_API_KEY
instead and set the Datadog API key in plaintext.