Instrumenting Go Serverless Applications
If your Go Lambda functions are still using runtime
go1.x
and you cannot migrate to the
provided.al2
runtime, you must
instrument using the Datadog Forwarder. Otherwise, follow the instructions in this guide to instrument using the Datadog Lambda Extension.
Version 67+ of the Datadog Lambda Extension uses an optimized version of the extension.
Read more.
Installation
The Datadog Serverless Plugin automatically configures your functions to send metrics, traces, and logs to Datadog through the Datadog Lambda Extension.
To install and configure the Datadog Serverless Plugin, follow these steps:
Install the Datadog Serverless Plugin:
serverless plugin install --name serverless-plugin-datadog
Update your serverless.yml
:
custom:
datadog:
site: <DATADOG_SITE>
apiKeySecretArn: <DATADOG_API_KEY_SECRET_ARN>
To fill in the placeholders:
- Replace
<DATADOG_SITE>
with your Datadog site to send the telemetry to. - Replace
<DATADOG_API_KEY_SECRET_ARN>
with the ARN of the AWS secret where your Datadog API key is securely stored. The key needs to be stored as a plaintext string (not a JSON blob). The secretsmanager:GetSecretValue
permission is required. For quick testing, you can instead use apiKey
and set the Datadog API key in plaintext.
For more information and additional settings, see the plugin documentation.
Install the Datadog Lambda Extension
COPY --from=public.ecr.aws/datadog/lambda-extension:<TAG> /opt/. /opt/
Replace <TAG>
with either a specific version number (for example, 66
) or with latest
. Alpine is also supported with specific version numbers (such as 66-alpine
) or with latest-alpine
. You can see a complete list of possible tags in the Amazon ECR repository.
Set the required environment variables
- Set
DD_SITE
to
(ensure the correct SITE is selected on the right). - Set
DD_API_KEY_SECRET_ARN
to the ARN of the AWS secret where your Datadog API key is securely stored. The key needs to be stored as a plaintext string (not a JSON blob). The secretsmanager:GetSecretValue
permission is required. For quick testing, you can use DD_API_KEY
instead and set the Datadog API key in plaintext. - Optionally set
DD_UNIVERSAL_INSTRUMENTATION: true
to take advantage of advanced configurations such as capturing the Lambda request and response payloads and inferring APM spans from incoming Lambda events.
Install the Datadog Lambda Extension
Add the Lambda layer of Datadog Lambda Extension to your Lambda functions, using the ARN format based on your AWS region and architecture:
# Use this format for x86-based Lambda deployed in AWS commercial regions
arn:aws:lambda:<AWS_REGION>:464622532012:layer:Datadog-Extension:66
# Use this format for arm64-based Lambda deployed in AWS commercial regions
arn:aws:lambda:<AWS_REGION>:464622532012:layer:Datadog-Extension-ARM:66
# Use this format for x86-based Lambda deployed in AWS GovCloud regions
arn:aws-us-gov:lambda:<AWS_REGION>:002406178527:layer:Datadog-Extension:66
# Use this format for arm64-based Lambda deployed in AWS GovCloud regions
arn:aws-us-gov:lambda:<AWS_REGION>:002406178527:layer:Datadog-Extension-ARM:66
Replace <AWS_REGION>
with a valid AWS region, such as us-east-1
.
- Set
DD_SITE
to
(ensure the correct SITE is selected on the right). - Set
DD_API_KEY_SECRET_ARN
to the ARN of the AWS secret where your Datadog API key is securely stored. The key needs to be stored as a plaintext string string (not a JSON blob). The secretsmanager:GetSecretValue
permission is required. For quick testing, you can use DD_API_KEY
instead and set the Datadog API key in plaintext.
Install the Datadog Lambda library
go get github.com/DataDog/datadog-lambda-go
Update your Lambda function code
package main
import (
"context"
"net/http"
"time"
ddlambda "github.com/DataDog/datadog-lambda-go"
"github.com/aws/aws-lambda-go/events"
"github.com/aws/aws-lambda-go/lambda"
httptrace "gopkg.in/DataDog/dd-trace-go.v1/contrib/net/http"
"gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer"
)
func main() {
// Wrap your lambda handler
lambda.Start(ddlambda.WrapFunction(myHandler, nil))
}
func myHandler(ctx context.Context, _ events.APIGatewayProxyRequest) (string, error) {
// Trace an HTTP request
req, _ := http.NewRequestWithContext(ctx, "GET", "https://www.datadoghq.com", nil)
client := http.Client{}
client = *httptrace.WrapClient(&client)
client.Do(req)
// Submit a custom metric
ddlambda.Metric(
"coffee_house.order_value", // Metric name
12.45, // Metric value
"product:latte", "order:online", // Associated tags
)
// Create a custom span
s, _ := tracer.StartSpanFromContext(ctx, "child.span")
time.Sleep(100 * time.Millisecond)
s.Finish()
return "ok", nil
}
}
Minimize cold start duration
Version 67+ of the Datadog Extension is optimized to significantly reduce cold start duration.
To use the optimized extension, disable Application Security Management (ASM), Continuous Profiler for Lambda, and OpenTelemetry based tracing. Set the following environment variables to false
:
DD_TRACE_OTEL_ENABLED
DD_PROFILING_ENABLED
DD_SERVERLESS_APPSEC_ENABLED
Enabling any of these features cause the extension to default back to the fully compatible older version of the extension. You can also force your extension to use the older version by setting DD_EXTENSION_VERSION
to compatibility
. Datadog encourages you to report any feedback or bugs by adding an issue on GitHub and tagging your issue with version/next
.
What’s next?
- Congratulations! You can now view metrics, logs, and traces on the Serverless Homepage.
- Turn on threat monitoring to get alerted on attackers targeting your service
- See the troubleshooting guide if you have trouble collecting the telemetry
- See the advanced configurations to
- connect your telemetry using tags
- collect telemetry for Amazon API Gateway, SQS, etc.
- capture the Lambda request and response payloads
- link errors of your Lambda functions to your source code
- filter or scrub sensitive information from logs or traces
Further Reading
Additional helpful documentation, links, and articles: