Terraform AWS Datadog2 Integration & Monitoring Module

Overview

The terraform-aws-datadog2 module is a comprehensive Terraform configuration that integrates AWS with Datadog for monitoring and alerting. It sets up AWS-Datadog integration and creates pre-configured Datadog monitors to track critical infrastructure metrics.

Features

  • Automated AWS-Datadog integration setup
  • Pre-configured infrastructure monitors for:
    • CPU utilization
    • Memory utilization
    • System load
    • Disk space
    • Disk inodes
    • Disk usage forecasting (7-day prediction)
  • CloudPosse label/tagging context for consistent naming
  • Support for both EU and US Datadog endpoints

Resources Created

AWS Resources (via CloudPosse Module)

  • IAM Role - Role that Datadog assumes to monitor AWS resources
  • External ID - Security mechanism for cross-account role assumption
  • Associated IAM policies for AWS monitoring permissions
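
The trust relationship that an external ID protects, shown as an added example (not code from this module or from the CloudPosse module). Both input variables and the role name are placeholders.

```hcl
# Added example: cross-account trust policy gated by an external ID.
variable "datadog_aws_account_id" {
  type        = string
  description = "AWS account ID that Datadog assumes the role from (placeholder input)"
}

variable "datadog_external_id" {
  type        = string
  description = "External ID shared between Datadog and this role's trust policy (placeholder input)"
}

data "aws_iam_policy_document" "datadog_assume_role" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${var.datadog_aws_account_id}:root"]
    }

    # Without this condition, another customer of the same vendor who supplies
    # this role's ARN could have the vendor assume it on their behalf
    # (the confused-deputy problem). STS rejects AssumeRole calls whose
    # ExternalId does not match.
    condition {
      test     = "StringEquals"
      variable = "sts:ExternalId"
      values   = [var.datadog_external_id]
    }
  }
}

resource "aws_iam_role" "datadog_example" {
  name               = "example-datadog-integration" # hypothetical name
  assume_role_policy = data.aws_iam_policy_document.datadog_assume_role.json
}
```

When reviewing the deployed role, confirm that its trust policy carries the `sts:ExternalId` condition and names only the expected principal.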

Datadog Monitors

  1. CPU Utilization Monitor

    • Type: Metric alert
    • Warning: 50%
    • Critical: 60%
  2. Memory Utilization Monitor

    • Type: Query alert
    • Evaluation: 5 minutes
    • Warning: 10% usable memory remaining
    • Critical: 5% usable memory remaining
  3. System Load Monitor

    • Type: Query alert
    • Tracks: 5-minute normalized system load
    • Evaluation: 30 minutes
    • Warning: 2.0
    • Critical: 2.5
  4. Disk Space Monitor

    • Type: Query alert
    • Evaluation: 5 minutes
    • Warning: 80% used
    • Critical: 90% used
  5. Disk Inodes Monitor

    • Type: Query alert
    • Evaluation: 5 minutes
    • Warning: 90% used
    • Critical: 95% used
  6. Disk Usage Forecast Monitor

    • Type: Query alert with forecasting
    • Prediction: Next 7 days
    • Forecast model: Linear
    • Warning: 72% predicted usage
    • Critical: 80% predicted usage

Usage

module "datadog_monitoring" {
  source = "path/to/terraform-aws-datadog2"

  # Required variables
  region       = "eu-west-1"
  api_key      = var.datadog_api_key      # Store securely!
  app_key      = var.datadog_app_key      # Store securely!
  aws_profile  = "your-aws-profile"
  prefix_slug  = "mycompany"
  team         = "platform"

  # Optional variables
  datadog_site = "https://api.datadoghq.eu/"  # Default

  # CloudPosse label context (optional)
  namespace   = "myorg"
  environment = "prod"
  stage       = "production"
  name        = "monitoring"

  tags = {
    Project    = "Infrastructure"
    ManagedBy  = "Terraform"
  }
}

Variables

Required Variables

| Variable | Type | Description |
| --- | --- | --- |
| region | string | AWS region where monitored resources reside |
| api_key | string | Datadog API key for sending logs, metrics, and traces |
| app_key | string | Datadog application key for API manipulation |
| aws_profile | string | AWS profile name for authentication |
| prefix_slug | string | Prefix slug for naming |
| team | string | Team identifier |

Optional Variables

| Variable | Type | Default | Description |
| --- | --- | --- | --- |
| datadog_site | string | https://api.datadoghq.eu/ | Datadog site endpoint |

CloudPosse Label Context Variables

| Variable | Type | Default | Description |
| --- | --- | --- | --- |
| enabled | bool | null | Enable/disable resource creation |
| namespace | string | null | Organization name or abbreviation |
| environment | string | null | Environment identifier |
| stage | string | null | Stage identifier |
| name | string | null | Solution name |
| delimiter | string | null | Delimiter between name components |
| attributes | list(string) | [] | Additional attributes for naming |
| tags | map(string) | {} | Additional tags |
| label_order | list(string) | null | Custom ordering of name components |

Outputs

| Output | Description |
| --- | --- |
| aws_account_id | AWS Account ID of the IAM Role for Datadog |
| aws_role_name | Name of the AWS IAM Role for Datadog |
| datadog_external_id | External ID for secure role assumption |

Note: These outputs supply the values to enter in Datadog's AWS integration settings, so they are needed to complete the Datadog integration.

Dependencies

Terraform Requirements

  • Terraform >= 0.13.0

Provider Requirements

  • hashicorp/aws - AWS infrastructure management
  • datadog/datadog - Datadog monitoring resources
  • hashicorp/local >= 1.3 - Local file operations

External Modules

  1. cloudposse/datadog-integration/aws (v0.11.0)

    • Creates AWS IAM role and permissions for Datadog
    • Handles cross-account role assumption
  2. cloudposse/label/null (v0.24.1)

    • Provides consistent tagging and naming conventions

Prerequisites

  • Valid AWS account with IAM role creation permissions
  • Active Datadog account with monitor creation access
  • Network connectivity to AWS and Datadog APIs
  • Proper AWS profile configured

Post-Deployment Setup

After applying this module, complete the integration in Datadog:

  1. Navigate to the AWS integration settings in the Datadog console
  2. Add the AWS account using the aws_account_id output
  3. Add the aws_role_name output as the IAM role name
  4. Provide the datadog_external_id output as the external ID
  5. Complete the AWS integration in the Datadog console

Monitor Alert Notifications

To receive alerts, configure notification channels in Datadog and update the monitors to include your notification preferences.

Customization

Adjusting Monitor Thresholds

To adjust alert thresholds, modify the monitor resources in monitors.tf:

# Example: Adjust CPU warning to 60% and critical to 80%
resource "datadog_monitor" "cpumonitor" {
  # ... other settings ...
  thresholds = {
    warning  = 60
    critical = 80
  }
}

Adding Additional Monitors

Add new monitor resources to monitors.tf following the existing patterns.

Security Considerations

  • Store API keys and app keys securely (use Terraform Cloud, AWS Secrets Manager, or HashiCorp Vault)
  • Never commit sensitive credentials to version control
  • Use IAM role-based access instead of IAM user credentials where possible
  • Review and adjust monitor thresholds based on your workload requirements
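
One way to follow the first two points, as an added example (not part of this module): the keys are read from AWS Secrets Manager instead of from variables or tfvars files. The secret name, its JSON layout and the state bucket are assumptions.

```hcl
# Added example: source the Datadog keys from AWS Secrets Manager so they
# never appear in *.tf or *.tfvars files under version control.
data "aws_secretsmanager_secret_version" "datadog" {
  secret_id = "platform/datadog/terraform" # hypothetical secret name
}

locals {
  # Assumed secret layout: {"api_key": "...", "app_key": "..."}
  datadog_keys = jsondecode(data.aws_secretsmanager_secret_version.datadog.secret_string)
}

module "datadog_monitoring" {
  source = "path/to/terraform-aws-datadog2"

  region      = "eu-west-1"
  api_key     = local.datadog_keys["api_key"]
  app_key     = local.datadog_keys["app_key"]
  aws_profile = "your-aws-profile"
  prefix_slug = "mycompany"
  team        = "platform"
}

# The resolved key values are still written to Terraform state, so keep state
# in an encrypted, access-controlled backend rather than in a local file.
terraform {
  backend "s3" {
    bucket  = "example-terraform-state" # hypothetical bucket
    key     = "datadog/terraform.tfstate"
    region  = "eu-west-1"
    encrypt = true
  }
}
```

Restrict read access on both the secret and the state bucket to the identities that run Terraform, since either one yields the keys.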

License

See project license file.

Authors

Maintained by WebBuildYourCloud team.
