You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: aws/logs_monitoring/README.md
+59-3Lines changed: 59 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -23,7 +23,7 @@ For more information about sending AWS services logs with the Datadog Forwarder,
23
23
24
24
## Installation
25
25
26
-
Datadog recommends using [CloudFormation](#cloudformation) to automatically install the Forwarder. You can also complete the setup process using [Terraform](#terraform) or [manually](#manual). Once installed, you can subscribe the Forwarder to log sources such as S3 buckets or CloudWatch log groups by [setting up triggers][4].
26
+
Datadog recommends using [CloudFormation](?tab=cloudformation#cloudformation) to automatically install the Forwarder. You can also complete the setup process using [Terraform](?tab=terraform#terraform) or [manually](?tab=manual#manual). For multi-region or multi-account deployments, see [Multi-Region & Multi-Account](?tab=multiregionmultiaccount#multi-region-multi-account) for CloudFormation StackSets or use the [Terraform](?tab=terraform#terraform) module. Once installed, you can subscribe the Forwarder to log sources such as S3 buckets or CloudWatch log groups by [setting up triggers][4].
27
27
28
28
**Note**: Forwarder v4.1.0+ does not support x86_64 architecture. If you are using x86_64, you must migrate to ARM64 to use the Datadog Forwarder.
29
29
@@ -48,12 +48,68 @@ If you had previously enabled your AWS Integration using the [following CloudFor
If you're using AWS Organizations, you can use CloudFormation StackSets to deploy the Forwarder across multiple AWS regions and accounts automatically.
57
+
58
+
#### Single account, multiple regions
59
+
60
+
1. Deploy the Forwarder template using [CloudFormation StackSets][151] in the AWS Console.
61
+
2. In the **Permissions** section, optionally provide an IAM admin role ARN, or leave the default IAM execution role name (`AWSCloudFormationStackSetExecutionRole`).
62
+
3. In the **Specify template** section:
63
+
1. Select **Amazon S3 URL**.
64
+
1. Enter the Forwarder template URL: `https://datadog-cloudformation-template.s3.amazonaws.com/aws/forwarder/latest.yaml`.
65
+
1. Click **Next**.
66
+
4. In the **Specify stack set details** section:
67
+
1. Provide a stack set name.
68
+
1. Provide a valid Datadog API key using **one** of the `DdApiKey`, `DdApiKeySecretArn`, or `DdApiKeySsmParameterName` fields.
69
+
1. Select the appropriate Datadog site in the `DdSite` field.
70
+
1. Optionally, configure other parameters.
71
+
1. Click **Next**.
72
+
5. In the **Configure stack set options** section:
73
+
1. Optionally, configure the provided options.
74
+
1. Check the box under **Capabilities**.
75
+
1. Click **Next**.
76
+
6. On the **Set deployment options** page:
77
+
1. Select **Deploy stacks in accounts** and enter your AWS account IDs.
78
+
1. Under **Specify regions**, add target regions where you want to deploy the Forwarder.
79
+
1. Click **Next**.
80
+
7. Review the details, and click **Submit**.
81
+
82
+
#### Multiple accounts
83
+
84
+
**Prerequisite**: You must be logged into your **AWS Organizations management account** to use this deployment method.
85
+
86
+
1. Enable [trusted access for CloudFormation StackSets][153] in AWS Organizations (this is a one-time setup).
87
+
2. Deploy from the organization management account using [CloudFormation StackSets][151].
88
+
3. In the **Permissions** section, choose **Service-managed permissions**. This option allows CloudFormation StackSets to create the necessary IAM roles in target accounts automatically.
89
+
4. In the **Specify template** section:
90
+
1. Select **Amazon S3 URL**.
91
+
1. Enter the Forwarder template URL: `https://datadog-cloudformation-template.s3.amazonaws.com/aws/forwarder/latest.yaml`.
92
+
1. Click **Next**.
93
+
5. In the **Specify stack set details** section:
94
+
1. Provide a stack set name.
95
+
1. Provide a valid Datadog API key using **one** of the `DdApiKey`, `DdApiKeySecretArn`, or `DdApiKeySsmParameterName` fields.
96
+
1. Select the appropriate Datadog site in the `DdSite` field.
97
+
1. Optionally, configure other parameters.
98
+
1. Click **Next**.
99
+
6. Choose **Deploy to organization** and specify target organizational units (OUs) or individual accounts, along with the regions where you want to deploy the Forwarder.
100
+
101
+
**Note**: Regardless of whether you specify organizational units or individual accounts, you must [set up triggers][155] after the Forwarder is deployed.
Install the Forwarder using the public Datadog Terraform module available at [https://registry.terraform.io/modules/DataDog/log-lambda-forwarder-datadog/aws/latest][201]. Once the Lambda function is deployed, [set up triggers on the Forwarder][202].
112
+
Install the Forwarder using the public [log-lambda-forwarder-datadog][201] Terraform module. The Terraform module supports both multi-region and multi-account deployments. After the Lambda function is deployed, [set up triggers on the Forwarder][202].
57
113
58
114
#### Sample configuration
59
115
@@ -70,7 +126,7 @@ module "datadog_forwarder" {
70
126
**Note**: Ensure that the `dd_site` parameter matches your [Datadog site][203]. Select your site on the right side of this page. Your Datadog site is {{< region-param key="dd_site" code="true" >}}.
71
127
Your [Datadog API key][204] to use for `dd_api_key` can be found under **Organization Settings** > **API Keys**.
72
128
73
-
For all configuration options and details, including [Multi-Region deployment][205], see the [module documentation][201].
129
+
For all configuration options and details, including [multi-region and multi-account deployments][205], see the [module documentation][201].
0 commit comments