You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: aws/logs_monitoring/README.md
+11-5Lines changed: 11 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -278,7 +278,7 @@ You can run the Forwarder in a VPC private subnet and send data to Datadog over
278
278
3. When installing the Forwarder with the CloudFormation template:
279
279
1. Set `DdUseVPC` to `true`.
280
280
2. Set `VPCSecurityGroupIds` and `VPCSubnetIds` based on your VPC settings.
281
-
3. Set `DdFetchLambdaTags`, `DdFetchStepFunctionsTags` and `DdFetchS3Tags` to `false`, because AWS Resource Groups Tagging API doesn't support PrivateLink.
281
+
3. Set `DdFetchLambdaTags`, `DdFetchStepFunctionsTags`, and `DdFetchS3Tags` to `false`, because AWS Resource Groups Tagging API doesn't support PrivateLink.
282
282
283
283
### AWS VPC and proxy support
284
284
@@ -287,7 +287,7 @@ If you must deploy the Forwarder to a VPC without direct public internet access,
287
287
1. Unless the Forwarder is deployed to a public subnet, follow the [instructions][15] to add endpoints for Secrets Manager and S3 to the VPC, so that the Forwarder can access those services.
288
288
2. Update your proxy with following configurations ([HAProxy][17] or [NGINX][18]). If you are using another proxy, or Web Proxy, allowlist the Datadog domain, for example: `.{{< region-param key="dd_site" code="true" >}}`.
289
289
3. When installing the Forwarder with the CloudFormation template, set `DdUseVPC`, `VPCSecurityGroupIds`, and `VPCSubnetIds`.
290
-
4. Ensure the `DdFetchLambdaTags`, `DdFetchStepFunctionsTags` and `DdFetchS3Tags` options are disabled, because AWS VPC does not yet offer an endpoint for the Resource Groups Tagging API.
290
+
4. Ensure the `DdFetchLambdaTags`, `DdFetchStepFunctionsTags`, and `DdFetchS3Tags` options are disabled, because AWS VPC does not yet offer an endpoint for the Resource Groups Tagging API.
291
291
5. If you are using HAProxy or NGINX:
292
292
293
293
- Set `DdApiUrl` to `http://<proxy_host>:3834` or `https://<proxy_host>:3834`.
@@ -404,17 +404,23 @@ To test different patterns against your logs, turn on [debug logs](#troubleshoot
404
404
405
405
### Advanced (optional)
406
406
407
+
`DdEnrichS3Tags`
408
+
: Enabled by default. When enabled, instructs the Datadog backend to automatically enrich logs originating from S3 buckets with the tags associated with those buckets. This approach offers the same tag enrichment as `DdFetchS3Tags` but defers the operation after log ingestion, reducing Forwarder overhead. Requires [Resource Collection](https://docs.datadoghq.com/integrations/amazon-web-services/#resource-collection) to be enabled in your AWS integration.
409
+
410
+
`DdEnrichCloudwatchTags`
411
+
: Enabled by default. When enabled, instructs the Datadog backend to automatically enrich logs originating from CloudWatch LogGroups with the tags associated with those log groups. This approach offers the same tag enrichment as `DdFetchLogGroupTags` but defers the operation after log ingestion, reducing Forwarder overhead. Requires [Resource Collection](https://docs.datadoghq.com/integrations/amazon-web-services/#resource-collection) to be enabled in your AWS integration.
412
+
407
413
`DdFetchLambdaTags`
408
414
: Let the Forwarder fetch Lambda tags using GetResources API calls and apply them to logs, metrics, and traces. If set to true, permission `tag:GetResources` will be automatically added to the Lambda execution IAM role.
409
415
410
416
`DdFetchLogGroupTags`
411
-
: Let the forwarder fetch Log Group tags using ListTagsLogGroup and apply them to logs, metrics, and traces. If set to true, permission `logs:ListTagsForResource` will be automatically added to the Lambda execution IAM role.
417
+
: **[DEPRECATED, use DdEnrichCloudwatchTags]** Let the forwarder fetch Log Group tags using ListTagsLogGroup and apply them to logs, metrics, and traces. If set to true, permission `logs:ListTagsForResource` will be automatically added to the Lambda execution IAM role.
412
418
413
419
`DdFetchStepFunctionsTags`
414
420
: Let the Forwarder fetch Step Functions tags using GetResources API calls and apply them to logs and traces (if Step Functions tracing is enabled). If set to true, permission `tag:GetResources` will be automatically added to the Lambda execution IAM role.
415
421
416
422
`DdFetchS3Tags`
417
-
: Let the Forwarder fetch S3 tags using GetResources API calls and apply them to logs and traces. If set to true, permission `tag:GetResources` will be automatically added to the Lambda execution IAM role.
423
+
: **[DEPRECATED, use DdEnrichS3Tags]** Let the Forwarder fetch S3 tags using GetResources API calls and apply them to logs and traces. If set to true, permission `tag:GetResources` will be automatically added to the Lambda execution IAM role.
418
424
419
425
`DdStepFunctionsTraceEnabled`
420
426
: Set to true to enable tracing for all Step Functions.
@@ -571,7 +577,7 @@ To test different patterns against your logs, turn on [debug logs](#troubleshoot
571
577
: Enabled by default. When enabled, instructs the Datadog backend to automatically enrich logs originating from S3 buckets with the tags associated with those buckets. This approach offers the same tag enrichment as `DD_FETCH_S3_TAGS` but defers the operation after log ingestion, reducing Forwarder overhead. Requires https://docs.datadoghq.com/integrations/amazon-web-services/#resource-collection to be enabled in your AWS integration.
572
578
573
579
`DD_ENRICH_CLOUDWATCH_TAGS`
574
-
: Enabled by default. When enabled, instructs the Datadog backend to automatically enrich logs originating from Cloudwatch LogGrouo with the tags associated with those log groups. This approach offers the same tag enrichment as `DD_FETCH_LOG_GROUP_TAGS` but defers the operation after log ingestion, reducing Forwarder overhead. Requires https://docs.datadoghq.com/integrations/amazon-web-services/#resource-collection to be enabled in your AWS integration.
580
+
: Enabled by default. When enabled, instructs the Datadog backend to automatically enrich logs originating from Cloudwatch LogGroup with the tags associated with those log groups. This approach offers the same tag enrichment as `DD_FETCH_LOG_GROUP_TAGS` but defers the operation after log ingestion, reducing Forwarder overhead. Requires https://docs.datadoghq.com/integrations/amazon-web-services/#resource-collection to be enabled in your AWS integration.
575
581
576
582
`DD_FETCH_LAMBDA_TAGS`
577
583
: Let the Forwarder fetch Lambda tags using GetResources API calls and apply them to logs, metrics, and traces. If set to true, permission `tag:GetResources` will be automatically added to the Lambda execution IAM role.
0 commit comments