Datadog Lambda Extension AWS PrivateLink Setup

Datadog Lambda Extension AWS PrivateLink Setup

Datadog exposes AWS PrivateLink endpoints in us-east-1.

Datadog PrivateLink does not support the Datadog for Government site.

This guide walks you through how to set up the Datadog Lambda Extension inside a VPC using AWS PrivateLink.

Overview

The Datadog Lambda Extension is a companion process that augments your Lambda functions to collect data such as logs, traces, and metrics and forwards them to Datadog. For functions running inside a Virtual Private Cloud (VPC) network access may be restricted by subnet routing rules or network ACLs, preventing access to Datadog’s API. This article covers adding Datadog’s AWS PrivateLink endpoints to your VPC, in addition to related setup of the Datadog Lambda Extension.

Add Datadog’s Private Link endpoints to your VPC, as described in the PrivateLink guide. The Extension requires the metric, log, API, and trace endpoints. For regions outside us-east-1, you may want to set up inter-region peering.

Extension configuration

By default, the Extension uses different API endpoints than the Datadog Agent. Override the endpoints by setting the following environment variables on the Lambda function.

DD_LOGS_CONFIG_LOGS_DD_URL="agent-http-intake.logs.datadoghq.com:443"

Alternatively, you can configure the Extension by adding a datadog.yaml file in the same folder as the Lambda handler code.

logs_config:
    logs_dd_url: agent-http-intake.logs.datadoghq.com:443

Further Reading

Additional helpful documentation, links, and articles: