wbyc/terraform-datadog-users-sanoma
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
terraform-datadog-users-sanoma/README.md

5.8 KiB
Raw Permalink Blame History

Terraform Datadog Users Sanoma Module

Overview

Organization-specific user management module for Sanoma that uses the terraform-datadog-users base module for creating and managing Datadog user accounts.

Features

  • Module Composition: Uses terraform-datadog-users as a base module
  • Organization-Specific: Configured for Sanoma email domains and structure
  • Scalable: Easy to add new users via module calls
  • Standardized Roles: All users assigned standard roles
  • EU Instance: Configured for EU Datadog API

Resources Created

Multiple datadog_user resources created via module calls to terraform-datadog-users.

Requirements

Name Version
terraform >= 0.12
datadog >= 3.2.0

Usage

This module is designed to be called from a root module with Sanoma-specific variables:

module "sanoma_users" {
  source = "./terraform-datadog-users-sanoma"

  datadog_api_key = var.datadog_api_key
  datadog_app_key = var.datadog_app_key
  api_url         = "https://api.datadoghq.eu"
}

Inputs

Name Description Type Required Default
admin Is user an admin? bool no false
name Full name string no ""
email Email address string no ""
handle Handle/username string no ""
roles Role type string no "standard"
datadog_api_key Datadog API key string yes -
datadog_app_key Datadog APP key string yes -
api_url Datadog API endpoint string no "https://api.datadoghq.eu"
http_client_retry_enabled Enable HTTP retries bool no true
http_client_retry_timeout HTTP retry timeout string no ""
validate Validate credentials bool no true

Outputs

Currently, all outputs are commented out. No outputs are exported.

User Accounts

Current Users (Configured)

The module includes user definitions for:

  • Michiel van Wambeke
  • David Kerremans
  • Lukasz Mycek

Work in Progress

Additional user groups defined in separate files:

  • user-accounts-vanin.tf: Vanin CFA users
  • user-accounts-nowaera.tf: NoWaEra CFA users

Module Structure

terraform-datadog-users-sanoma/
├── provider.tf              # Datadog provider configuration
├── backend.tf              # Terraform state backend
├── versions.tf             # Provider version constraints
├── variables.tf            # Input variables
├── outputs.tf              # Outputs (commented out)
├── user-accounts-vanin.tf  # Vanin user definitions (WIP)
├── user-accounts-nowaera.tf # NoWaEra user definitions (WIP)
└── old-account-structure.tf # Legacy account definitions

Adding New Users

To add a new user, create a module call in the appropriate file:

module "new_user" {
  source = "../terraform-datadog-users"

  admin           = false
  name            = "New User"
  email           = "new.user@sanoma.com"
  handle          = "new.user@sanoma.com"
  roles           = "standard"
  datadog_api_key = var.datadog_api_key
  datadog_app_key = var.datadog_app_key
}

Provider Configuration

EU Datadog Instance

  • API URL: https://api.datadoghq.eu
  • Reason: GDPR compliance for European data
  • Retry Enabled: Yes (handles 429 and 5xx errors)
  • Validation: API/APP keys validated on initialization

Organization Structure

The module supports multiple CFAs (Customer Facing Applications):

  • Vanin: Educational publishing
  • NoWaEra: Digital platforms

Each CFA has separate user account files for organization.

Best Practices

  1. Email Format: Use Sanoma email domain (@sanoma.com)
  2. File Organization: Group users by CFA or team
  3. Standard Roles: Default to standard roles unless admin access required
  4. Handle Convention: Use email as handle for consistency

Example User Definitions

# Standard user
module "developer" {
  source = "../terraform-datadog-users"
  
  admin  = false
  name   = "John Developer"
  email  = "john.developer@sanoma.com"
  handle = "john.developer@sanoma.com"
  roles  = "standard"
  
  datadog_api_key = var.datadog_api_key
  datadog_app_key = var.datadog_app_key
}

# Admin user
module "team_lead" {
  source = "../terraform-datadog-users"
  
  admin  = true
  name   = "Jane Lead"
  email  = "jane.lead@sanoma.com"
  handle = "jane.lead@sanoma.com"
  roles  = "admin"
  
  datadog_api_key = var.datadog_api_key
  datadog_app_key = var.datadog_app_key
}

State Management

  • Uses remote backend configuration (backend.tf)
  • State should be stored securely (S3, Terraform Cloud, etc.)
  • Enables team collaboration on user management

Migration from Old Structure

The old-account-structure.tf file contains legacy user definitions. These should be:

  1. Reviewed for current relevance
  2. Migrated to new structure if still active
  3. Removed if users are no longer with organization

Notes

  • All outputs are currently disabled (commented out in outputs.tf)
  • Uses module composition pattern for DRY principles
  • EU API endpoint for GDPR compliance
  • HTTP retry enabled for reliability
  • Credentials validated on provider initialization

Maintenance

Regular tasks:

  • Review and update user lists quarterly
  • Remove users who have left the organization
  • Audit role assignments
  • Update to latest terraform-datadog-users module version

Security Considerations

  • API keys should be stored in secure variable storage
  • Never commit API keys to version control
  • Use Terraform variable files or environment variables
  • Consider using Terraform Cloud for secure variable management

License

Internal use only - Sanoma/WeBuildYourCloud

Authors

Created and maintained by the Platform Engineering team at Sanoma.