Datadog Serverless CLI
You can use the CLI to instrument your AWS Lambda functions with Datadog. The CLI enables instrumentation by modifying existing Lambda functions’ configuration and hence does not require redeployment. It is the quickest way to get started with Datadog serverless monitoring.
You can also add the command to your CI/CD pipelines to enable instrumentation for all your serverless applications. Run the command after your normal serverless application deployment, so that changes made by the Datadog CLI command do not get overridden.
Installation
To instrument your Lambda functions using the datadog-ci lambda instrument command, follow the instructions for a specific runtime listed below:
Commands
instrument
Run datadog-ci lambda instrument to apply Datadog instrumentation to a Lambda. This command adds the Datadog Lambda Library and/or the Datadog Lambda Extension as Lambda Layers to the instrumented Lambda functions and modifies their configurations.
# Instrument multiple functions specified by names
datadog-ci lambda instrument -f <function-name> -f <another-function-name> -r us-east-1 -v 46 -e 10
# Instrument function(s) in interactive mode
datadog-ci lambda instrument -i
# Instrument multiple functions that match a regex pattern
datadog-ci lambda instrument --functions-regex <valid-regex-pattern> -r us-east-1 -v 46 -e 10
# Dry run of all updates
datadog-ci lambda instrument -f <function-name> -f <another-function-name> -r us-east-1 -v 46 -e 10 --dry
uninstrument
Run datadog-ci lambda uninstrument to revert Datadog instrumentation in a Lambda. This command automatically removes the Datadog configuration, such as the Datadog Lambda Library and the Datadog Lambda Extension layers, as well as other configurations applied by datadog-ci.
# Uninstrument multiple functions specified by names
datadog-ci lambda uninstrument -f <function-name> -f <another-function-name> -r us-east-1
# Uninstrument function(s) in interactive mode
datadog-ci lambda uninstrument -i
# Uninstrument multiple functions that match a regex pattern
datadog-ci lambda uninstrument --functions-regex <valid-regex-pattern> -r us-east-1
# Dry run of all updates
datadog-ci lambda uninstrument -f <function-name> -f <another-function-name> -r us-east-1 --dry
See the configuration section for additional settings.
Configuration
AWS Credentials
You must have valid AWS credentials configured with access to the Lambda and CloudWatch services where you are running any datadog-ci lambda command.
Environment variables
You must expose these environment variables in the environment where you are running datadog-ci lambda instrument:
Environment Variable | Description | Example |
---|---|---|
DATADOG_API_KEY | Datadog API Key. Sets the DD_API_KEY environment variable on your Lambda function configuration. For more information about getting a Datadog API key, see the API key documentation. | export DATADOG_API_KEY=<API_KEY> |
DATADOG_API_KEY_SECRET_ARN | The ARN of the secret storing the Datadog API key in AWS Secrets Manager. Sets the DD_API_KEY_SECRET_ARN on your Lambda function configuration. Notes: DD_API_KEY_SECRET_ARN is ignored when DD_KMS_API_KEY is set. Add the secretsmanager:GetSecretValue permission to the Lambda execution role. | export DATADOG_API_KEY_SECRET_ARN=<SECRETS_MANAGER_RESOURCE_ARN> |
DATADOG_KMS_API_KEY | Datadog API Key encrypted using KMS. Sets the DD_KMS_API_KEY environment variable on your Lambda function configuration. Note: DD_API_KEY is ignored when DD_KMS_API_KEY is set. | export DATADOG_KMS_API_KEY=<KMS_ENCRYPTED_API_KEY> |
DATADOG_SITE | The Datadog site to send data to. Only needed when using the Datadog Lambda Extension. Possible values are datadoghq.com, datadoghq.eu, us3.datadoghq.com, us5.datadoghq.com, and ddog-gov.com. The default is datadoghq.com. Sets the DD_SITE environment variable on your Lambda function configurations. | export DATADOG_SITE="datadoghq.com" |
Arguments
Configuration can be done using command-line arguments or a JSON configuration file (see the next section).
instrument
You can pass the following arguments to instrument to specify its behavior. These arguments will override the values set in the configuration file, if any.
Argument | Shorthand | Description | Default |
---|---|---|---|
--function | -f | The ARN of the Lambda function to be instrumented, or the name of the Lambda function (--region must be defined). | |
--functions-regex | | A regex pattern to match with the Lambda function name. | |
--interactive | -i | Allows the user to interactively choose how their function gets instrumented. There is no need to provide any other flags if you choose to use interactive mode since you will be prompted for the information instead. | |
--region | -r | Default region to use, when --function is specified by the function name instead of the ARN. | |
--service | | Use --service to group related functions belonging to similar workloads. Learn more about the service tag here. | |
--version | | Add the --version tag to correlate spikes in latency, load or errors to new versions. Learn more about the version tag here. | |
--env | | Use --env to separate out your staging, development, and production environments. Learn more about the env tag here. | |
--extra-tags | | Add custom tags to your Lambda function in Datadog. Must be a list of <key>:<value> separated by commas, such as layer:api,team:intake. | |
--profile | | Specify the AWS named profile credentials to use to instrument. Learn more about AWS named profiles here. | |
--layer-version | -v | Version of the Datadog Lambda Library layer to apply. This varies between runtimes. To see the latest layer version, check the JS or Python datadog-lambda-layer repo release notes. | |
--extension-version | -e | Version of the Datadog Lambda Extension layer to apply. When extension-version is set, make sure to export DATADOG_API_KEY (or if encrypted, DATADOG_KMS_API_KEY or DATADOG_API_KEY_SECRET_ARN) in your environment as well. While using extension-version, leave out forwarder. Learn more about the Lambda Extension here. | |
--tracing | | Whether to enable dd-trace tracing on your Lambda. | true |
--merge-xray-traces | | Whether to join dd-trace traces to AWS X-Ray traces. Useful for tracing API Gateway spans. | false |
--flush-metrics-to-logs | | Whether to send metrics via the Datadog Forwarder asynchronously. If you disable this parameter, you must export DATADOG_API_KEY (or if encrypted, DATADOG_KMS_API_KEY or DATADOG_API_KEY_SECRET_ARN). | true |
--capture-lambda-payload | | Whether to capture and store the payload and response of a Lambda invocation. | false |
--forwarder | | The ARN of the Datadog Forwarder to attach this function’s LogGroup to. | |
--dry | -d | Preview the changes that running the command would apply. | false |
--log-level | | Set to debug to see additional output from the Datadog Lambda Library and/or Lambda Extension for troubleshooting purposes. | |
--source-code-integration | -s | Whether to enable Datadog Source Code Integration. This will tag your lambda(s) with the Git repository URL and the latest commit of the current local directory. Note: Git repository must not be ahead of remote, and must not be dirty. | true |
--no-source-code-integration | | Disables Datadog Source Code Integration. | |
uninstrument
The following arguments are passed to uninstrument to specify its behavior. These arguments will override the values set in the configuration file, if any.
Any other argument listed in the instrument table but not below is ignored, which lets you uninstrument more quickly if needed.
Argument | Shorthand | Description | Default |
---|---|---|---|
--function | -f | The ARN of the Lambda function to be uninstrumented, or the name of the Lambda function (--region must be defined). | |
--functions-regex | | A regex pattern to match with the Lambda function name to be uninstrumented. | |
--region | -r | Default region to use, when --function is specified by the function name instead of the ARN. | |
--profile | | Specify the AWS named profile credentials to use to uninstrument. Learn more about AWS named profiles here. | |
--forwarder | | The ARN of the Datadog Forwarder to remove from this function. | |
--dry | -d | Preview the changes that running the command would apply. | false |
Configuration file
Instead of supplying arguments, you can create a configuration file in your project and simply run the datadog-ci lambda {instrument|uninstrument} --config datadog-ci.json command on each deployment. Specify the datadog-ci.json using the --config argument, and use this configuration file structure:
{
  "lambda": {
    "layerVersion": 10,
    "extensionVersion": 8,
    "functions": ["arn:aws:lambda:us-east-1:000000000000:function:autoinstrument"],
    "region": "us-east-1",
    "tracing": true,
    "mergeXrayTraces": true,
    "captureLambdaPayload": true,
    "forwarder": "arn:aws:lambda:us-east-1:000000000000:function:datadog-forwarder",
    "logLevel": "debug",
    "service": "some-service",
    "version": "b17s47h3w1n",
    "profile": "my-credentials",
    "environment": "staging",
    "extraTags": "layer:api,team:intake"
  }
}
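An added pre-flight check (not part of datadog-ci or of the original page) that lints a datadog-ci.json and the exported variables against the rules stated in the environment variable and argument tables above, so a CI job can stop before the command changes any function. The function name preflight, the finding strings and the sample values are assumptions made for this example.

```python
import json
import re

# Values listed in the DATADOG_SITE row of the environment variable table.
VALID_SITES = {"datadoghq.com", "datadoghq.eu", "us3.datadoghq.com",
               "us5.datadoghq.com", "ddog-gov.com"}
TAGS_RE = re.compile(r"^[^:,]+:[^,]+(,[^:,]+:[^,]+)*$")  # <key>:<value>,<key>:<value>

def preflight(config_text, env):
    """Return findings for a datadog-ci.json text and an environment mapping."""
    cfg = json.loads(config_text).get("lambda", {})
    kms = env.get("DATADOG_KMS_API_KEY")
    arn = env.get("DATADOG_API_KEY_SECRET_ARN")
    plain = env.get("DATADOG_API_KEY")
    uses_extension = cfg.get("extensionVersion") is not None
    out = []
    if kms and (arn or plain):
        out.append("key: DD_KMS_API_KEY wins; the other key settings are ignored")
    elif plain:
        out.append("key: API key value is written to DD_API_KEY in the function configuration")
    if uses_extension and not (kms or arn or plain):
        out.append("key: extensionVersion is set but no API key variable is exported")
    if uses_extension and cfg.get("forwarder"):
        out.append("config: extensionVersion and forwarder are both set")
    if cfg.get("captureLambdaPayload"):
        out.append("config: captureLambdaPayload stores invocation payloads and responses")
    if cfg.get("logLevel") == "debug":
        out.append("config: logLevel is debug (troubleshooting setting)")
    tags = cfg.get("extraTags")
    if tags and not TAGS_RE.match(tags):
        out.append("config: extraTags is not a comma-separated <key>:<value> list")
    site = env.get("DATADOG_SITE", "datadoghq.com")
    if site not in VALID_SITES:
        out.append("env: DATADOG_SITE %r is not a listed site" % site)
    return out

# Constructed sample input: a trimmed copy of the page's configuration file.
SAMPLE_CONFIG = """{"lambda": {"layerVersion": 10, "extensionVersion": 8,
  "functions": ["arn:aws:lambda:us-east-1:000000000000:function:autoinstrument"],
  "captureLambdaPayload": true, "logLevel": "debug",
  "forwarder": "arn:aws:lambda:us-east-1:000000000000:function:datadog-forwarder",
  "extraTags": "layer:api,team:intake"}}"""
# Constructed environment; the ARN is a placeholder and the site is a deliberate typo.
SAMPLE_ENV = {"DATADOG_API_KEY_SECRET_ARN": "<SECRETS_MANAGER_RESOURCE_ARN>",
              "DATADOG_SITE": "datadoghq.co"}

if __name__ == "__main__":
    for finding in preflight(SAMPLE_CONFIG, SAMPLE_ENV):
        print(finding)
```

Run it before datadog-ci lambda instrument --config datadog-ci.json and fail the job on any finding your team treats as blocking.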
For product feedback and questions, join the #serverless channel in the Datadog community on Slack.