Terraform Datadog Users Module

Overview

This Terraform module manages individual Datadog user accounts with role-based access control, supporting both standard users and administrators.

Features

  • Role-Based Access: Standard users vs. administrators
  • Conditional Creation: Admin flag determines user type
  • Data Source Lookups: Fetches role IDs from Datadog
  • Reusable Module: Easy user provisioning via module calls

Resources Created

  • datadog_user (add_datadog_user): Standard user with sl-techops-role
  • datadog_user (add_datadog_admin_user): Admin user with Datadog Admin Role

Data Sources

The module queries Datadog for available roles:

  • Standard Role
  • Datadog Admin Role
  • sl-techops-role (custom role)

Requirements

Name       Version
terraform  >= 0.12
datadog    >= 3.2.0

Usage

Create Standard User

module "standard_user" {
  source = "./terraform-datadog-users"

  admin           = false
  name            = "John Doe"
  email           = "john.doe@example.com"
  handle          = "john.doe@example.com"
  roles           = "normal"
  datadog_api_key = var.datadog_api_key
  datadog_app_key = var.datadog_app_key
}

Create Admin User

module "admin_user" {
  source = "./terraform-datadog-users"

  admin           = true
  name            = "Jane Admin"
  email           = "jane.admin@example.com"
  handle          = "jane.admin@example.com"
  roles           = "admin"
  datadog_api_key = var.datadog_api_key
  datadog_app_key = var.datadog_app_key
}

Inputs

Name             Description        Type    Required  Default
admin            Is user an admin?  bool    no        false
name             Full name of user  string  no        ""
email            Email address      string  no        ""
handle           Handle/username    string  no        ""
roles            Role assignment    string  no        "normal"
datadog_api_key  Datadog API key    string  yes       -
datadog_app_key  Datadog APP key    string  yes       -

Outputs

Currently, all outputs are commented out. No outputs are exported.

Role Types

Standard User (admin = false)

  • Role: sl-techops-role
  • Permissions: Limited read/write access
  • Use Case: Regular team members, developers, operators

Admin User (admin = true)

  • Role: Datadog Admin Role
  • Permissions: Full access to all Datadog features
  • Use Case: Platform administrators, team leads

Conditional Resource Creation

The module uses a conditional count to create only one user type:

  • If admin = false: Creates standard user
  • If admin = true: Creates admin user

This ensures clean resource management and prevents duplicate user creation.

Data Source Usage

The module uses data sources to look up role IDs:

data "datadog_role" "standard_role" {
  filter = "Datadog Standard Role"
}

data "datadog_role" "admin_role" {
  filter = "Datadog Admin Role"
}

data "datadog_role" "techops_role" {
  filter = "sl-techops-role"
}
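
The conditional count and role lookups described above could be wired together as follows. This is an added sketch, not the module's own main.tf: the resource and data source names come from this README, while the argument bodies are assumed, and the Datadog provider is assumed to be configured elsewhere with the API and APP keys.

```hcl
# Added example: assumed shape of the conditional-count pattern.
# Variable names mirror the Inputs table; resource bodies are an assumption.
variable "admin" {
  type    = bool
  default = false
}

variable "name" {
  type    = string
  default = ""
}

variable "email" {
  type    = string
  default = ""
}

# Role IDs are resolved at plan/apply time; the custom role must already exist.
data "datadog_role" "admin_role" {
  filter = "Datadog Admin Role"
}

data "datadog_role" "techops_role" {
  filter = "sl-techops-role"
}

# Standard user: count is 1 only when admin = false, so no admin role is attached.
resource "datadog_user" "add_datadog_user" {
  count = var.admin ? 0 : 1

  name  = var.name
  email = var.email
  roles = [data.datadog_role.techops_role.id]
}

# Admin user: count is 1 only when admin = true.
resource "datadog_user" "add_datadog_admin_user" {
  count = var.admin ? 1 : 0

  name  = var.name
  email = var.email
  roles = [data.datadog_role.admin_role.id]
}
```

With this layout the two resources have different addresses, so flipping admin on an existing user plans as one destroy plus one create rather than an in-place role change. Review such plans before applying, since they are the point where a user gains or loses the admin role.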

Best Practices

  1. Email as Handle: Use email address as handle for consistency
  2. Role Selection: Choose appropriate role based on user responsibilities
  3. Module Calls: Use module calls for each user (see terraform-datadog-users-sanoma)
  4. Centralized Management: Keep all user definitions in one place

Example: Multiple Users

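module "user_1" {
  source = "./terraform-datadog-users"

  admin           = false
  name            = "Alice Developer"
  email           = "alice@example.com"
  handle          = "alice@example.com"
  # Required inputs (see Inputs)
  datadog_api_key = var.datadog_api_key
  datadog_app_key = var.datadog_app_key
}

module "user_2" {
  source = "./terraform-datadog-users"

  admin           = true
  name            = "Bob Admin"
  email           = "bob@example.com"
  handle          = "bob@example.com"
  # Required inputs (see Inputs)
  datadog_api_key = var.datadog_api_key
  datadog_app_key = var.datadog_app_key
}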

Notes

  • The handle field typically should match the email address
  • Custom roles (like sl-techops-role) must exist in Datadog before use
  • Role data sources fetch IDs dynamically at plan/apply time
  • Outputs are currently disabled (commented out in outputs.tf)
  • Module supports only two role tiers: standard and admin

Limitations

  • Fixed role assignments (standard vs admin only)
  • No support for custom role assignment beyond sl-techops-role
  • No team or group assignments
  • Outputs are not available (commented out)

Future Enhancements

Potential improvements:

  • Support for multiple custom roles
  • Team assignments
  • Group memberships
  • User permissions customization
  • Output user IDs and metadata

License

Internal use only - Sanoma/WeBuildYourCloud

Authors

Created and maintained by the Platform Engineering team.
