datadog-log-forwarder-lambda

Basic module for the Datadog log forwarder lambda function and related resources.

This module was created to tighten permissions since at time of writing the CloudFormation templates provides more access to KMS and S3 buckets than we would like.

Zip file is from https://github.com/DataDog/datadog-serverless-functions/releases/tag/aws-dd-forwarder-3.60.0

Version numbers for datadog_python_layer_version can be found here: https://github.com/DataDog/datadog-lambda-python/releases

Version numbers for datadog_extension_layer_version can be found here: https://github.com/DataDog/datadog-lambda-extension/releases

Requirements

Name	Version
terraform	>= 1.0
aws	>= 3.26

Providers

Name	Version
aws	>= 3.26

Modules

Name	Source	Version
datadog_serverless_s3	git@github.com:smartrent/terraform-aws-s3.git	2.2.0

Resources

Name	Type
aws_cloudwatch_log_group.log_group	resource
aws_iam_policy.labmda_execution	resource
aws_iam_role.lambda_execution	resource
aws_iam_role_policy_attachment.lambda_basic_execution	resource
aws_iam_role_policy_attachment.lambda_datadog_push	resource
aws_kms_alias.datadog	resource
aws_kms_key.datadog	resource
aws_kms_key_policy.datadog	resource
aws_lambda_function.logs_to_datadog	resource
aws_lambda_permission.additional_logs	resource
aws_lambda_permission.rds_logs	resource
aws_lambda_permission.sns_topic_arns	resource
aws_secretsmanager_secret.api-key	resource
aws_sns_topic_subscription.sns_topic_arns	resource
aws_caller_identity.current	data source
aws_iam_policy_document.kms_key_policy	data source
aws_iam_policy_document.lambda_assume_role	data source
aws_iam_policy_document.lambda_runtime	data source

Inputs

Name	Description	Type	Default	Required
aws_region	AWS Region	string	n/a	yes
bucket_arns	A list of s3 bucket ARNs	list(string)	n/a	yes
datadog_extension_layer_version	The version of the Datadog Extension Layer	number	64	no
datadog_forwarder_version	The Datadog Forwarder version to use	string	"3.121.0"	no
datadog_python_layer_version	The version of the Datadog Python Layer	number	98	no
dd_site	The Datadog Site Address	string	n/a	yes
enhanced_metrics	Whether Datadog enhanced metrics is enabled	bool	false	no
environment_name	Environment name: dev, qa, prod	string	n/a	yes
exclude_logs_regex	Regex pattern to exclude logs from forwarding to Datadog	string	`""(START	END) RequestId:\s"`
layers	Whether or not to use layers	bool	false	no
log_group_names	A map of log group names to create lambda subscriptions for	map(any)	{}	no
memory_size	Amount of memory in MB your Lambda Function can use at runtime	number	1024	no
provision_trigger	Whether or not to create a lambda trigger from an SNS topic	bool	"false"	no
rds_logs	Whether to create lambda resource policy for sending all /aws/rds/* cloudwatch logs to the datadog log forwarder	bool	true	no
reserved_concurrent_executions	Amount of reserved concurrent executions for this lambda function	number	100	no
retention	The log group retention in days	number	30	no
runtime	The version of the runtime to use	string	"3.11"	no
sns_topic_arns	SNS Topic ARNs	list(string)	[ "undefined" ]	no
store_failed_events	Whether to store failed events in the log forwarder	bool	true	no
tags	Tags to assign to resources created by this module	map(string)	n/a	yes
timeout	The length of time in seconds before function times out	number	120	no

Outputs

Name	Description
bucket_arns	n/a
bucket_name	n/a
kms_key_arn	n/a
lambda_api_key_secret	n/a
lambda_function_arn	n/a
lambda_function_name	n/a
lambda_iam_policy_arn	n/a
lambda_iam_role_arn	n/a