Install Serverless Monitoring for AWS Step Functions

Requirements

  • The full Step Function execution length must be less than 15 minutes for full traces.
  • Linked Lambda traces are supported for Node.js (layer v94+) and Python (layer v75+) runtimes.

Setup

    For developers using Serverless Framework to deploy serverless applications, use the Datadog Serverless Framework Plugin.

    1. If you have not already, install the Datadog Serverless Framework Plugin v5.40.0+:

      serverless plugin install --name serverless-plugin-datadog

    2. Ensure you have deployed the Datadog Lambda Forwarder, a Lambda function that ships logs from AWS to Datadog, and that you are using v3.74.0+. You may need to update your Forwarder.

      Take note of your Forwarder’s ARN.

    3. Add the following to your serverless.yml:

      custom:
  datadog:
    site: <DATADOG_SITE>
    apiKeySecretArn: <DATADOG_API_KEY_SECRET_ARN>
    forwarderArn: <FORWARDER_ARN>
    enableStepFunctionTracing: true
      • Replace <DATADOG_SITE> with (ensure the correct SITE is selected on the right).
      • Replace <DATADOG_API_KEY_SECRET_ARN> with the ARN of the AWS secret where your Datadog API key is securely stored. The key needs to be stored as a plaintext string (not a JSON blob). The secretsmanager:GetSecretValue permission is required. For quick testing, you can instead use apiKey and set the Datadog API key in plaintext.
      • Replace <FORWARDER_ARN> with the ARN of your Datadog Lambda Forwarder, as noted previously.

      For additional settings, see Datadog Serverless Framework Plugin - Configuration parameters.

    4. For Node.js and Python runtimes, set mergeStepFunctionAndLambdaTraces:true in your serverless.yaml file. This links your Step Function traces with Lambda traces. If you have not instrumented your Lambda functions to send traces, you can follow the steps to add the Lambda layer for your preferred runtime.

    1. If you have not already, install the Datadog CLI v2.18.0+.

      npm install -g @datadog/datadog-ci

    2. Ensure you have deployed the Datadog Lambda Forwarder, a Lambda function that ships logs from AWS to Datadog, and that you are using v3.74.0+. You may need to update your Forwarder.

      Take note of your Forwarder’s ARN.

    3. Instrument your Step Function.

      datadog-ci stepfunctions instrument --step-function <STEP_FUNCTION_ARN> --forwarder <FORWARDER_ARN>
      • Replace <STEP_FUNCTION_ARN> with the ARN of your Step Function.
      • Replace <FORWARDER_ARN> with the ARN of your Datadog Lambda Forwarder, as noted previously.

      For more information about the datadog-ci stepfunctions command, see the Datadog CLI documentation.

    4. For Node.js and Python runtimes, add the flag --mergeStepFunctionAndLambdaTraces in your command. This links your Step Function traces with Lambda traces. If you have not yet instrumented your Lambda functions to send traces, you can follow the steps to add the Lambda layer for your preferred runtime.

    1. Enable all logging for your Step Function. In your AWS console, open your state machine. Click Edit and find the Logging section. There, set Log level to ALL and enable the Include execution data checkbox.

      AWS UI, Logging section, showing log level set to ALL.

    2. Ensure you have deployed the Datadog Lambda Forwarder, a Lambda function that ships logs from AWS to Datadog, and that you are using v3.74.0+. You may need to update your Forwarder.

      Take note of your Forwarder’s ARN.

    3. Subscribe CloudWatch logs to the Datadog Lambda Forwarder. To do this, you have two options:

      • Datadog-AWS integration (recommended)

        1. Ensure that you have set up the Datadog-AWS integration.
        2. In Datadog, open the AWS integration tile, and view the Configuration tab.
        3. On the left, select the AWS account where your Step Function is running. Open the Log Collection tab.
        4. In the Log Autosubscription section, under Autosubscribe Forwarder Lambda Functions, enter the ARN of your Datadog Lambda Forwarder, as noted previously. Click Add.
        5. Toggle on Step Functions CloudWatch Logs. Changes take 15 minutes to take effect.

        Note: Log Autosubscription requires your Lambda Forwarder and Step Function to be in the same region.

      • Manual

        1. Ensure that your log group name has the prefix /aws/vendedlogs/states.
        2. Open your AWS console and go to your Datadog Lambda Forwarder. In the Function overview section, click on Add trigger.
        3. Under Add trigger, in the Trigger configuration section, use the Select a source dropdown to select CloudWatch Logs.
        4. Under Log group, select the log group for your state machine. For example, /aws/vendedlogs/states/my-state-machine.
        5. Enter a filter name. You can choose to name it “empty filter” and leave the Filter pattern box blank.
    If you are using a different instrumentation method such as Serverless Framework or datadog-ci, enabling autosubscription may create duplicated logs. Choose one configuration method to avoid this behavior..

    1. Enable tracing on your Step Function by adding a DD_TRACE_ENABLED tag. Set the value to true.

    2. Set up tags. Open your AWS console and go to your Step Functions state machine. Open the Tags section and add env:<ENV_NAME> and service:<SERVICE_NAME> tags. The env tag is required to see traces in Datadog, and it defaults to dev. The service tag defaults to the state machine’s name.

    3. For Node.js and Python runtimes, you can link your Step Function traces to Lambda traces. On the Lambda Task, set the Parameters key with the following:

      "Parameters": {
  "Payload.$": "States.JsonMerge($$, $, false)",
  ...
}

      The JsonMerge intrinsic function merges the Step Functions context object ($$) with the original Lambda’s input payload ($). Fields of the original payload overwrite the Step Functions context object if their keys are the same.

    Example:

    "Lambda Read From DynamoDB": {
      "Type": "Task",
      "Resource": "arn:aws:states:::lambda:invoke",
      "Parameters": {
        "Payload.$": "States.JsonMerge($$, $, false)",
        "FunctionName": "${lambdaArn}"
      },
      "End": true
    }

    Alternatively, if you have business logic defined in the payload, you could also use the following:

    "Lambda Read From DynamoDB": {
      "Type": "Task",
      "Resource": "arn:aws:states:::lambda:invoke",
      "Parameters": {
        "Payload": {
          ...
          "Execution.$": "$$.Execution",
          "State.$": "$$.State",
          "StateMachine.$": "$$.StateMachine"
        },
        "FunctionName": "${lambdaArn}"
      },
      "End": true
    }

    If you have not yet instrumented your Lambda functions to send traces, you can follow the steps to add the Lambda layer for your preferred runtime.

    See your Step Function metrics, logs, and traces in Datadog

    After you have invoked your state machine, go to the Serverless app in Datadog. Search for service:<YOUR_STATE_MACHINE_NAME> to see the relevant metrics, logs, and traces associated with that state machine. If you set the service tag on your state machine to a custom value, search for service:<CUSTOM_VALUE>.

    An AWS Step Function flame graph displayed in the serverless view.

    If you cannot see your traces, see Troubleshooting.