From 5d82d443704cbcf32ba02af28a9d9f443bd68443 Mon Sep 17 00:00:00 2001 From: Vincent Boutour Date: Tue, 7 Oct 2025 18:02:40 +0200 Subject: [PATCH 1/5] feat(aws): AWSX-1566 Adding storage tag HTTP header Signed-off-by: Vincent Boutour --- aws/logs_monitoring/README.md | 8 ++++- .../logs/datadog_http_client.py | 32 +++++++++++++++---- aws/logs_monitoring/settings.py | 15 +++++++++ 3 files changed, 48 insertions(+), 7 deletions(-) diff --git a/aws/logs_monitoring/README.md b/aws/logs_monitoring/README.md index c159cf29c..1948f7a5c 100644 --- a/aws/logs_monitoring/README.md +++ b/aws/logs_monitoring/README.md @@ -567,11 +567,17 @@ To test different patterns against your logs, turn on [debug logs](#troubleshoot ### Advanced (optional) +`DD_ENRICH_S3_TAGS` +: Instruct Datadog Backend to enrich a log coming from a S3 bucket with the tag attached to this bucket. It's the equivalent behavior of `DD_FETCH_S3_TAG` but done after ingestion. This require Resource Collection to be enabled. Enabled by default. + +`DD_ENRICH_CLOUDWATCH_TAGS` +: Instruct Datadog Backend to enrich a log coming from a Cloudwatch logGroup with the tag attached to this logGroup. It's the equivalent behavior of `DD_FETCH_LOG_GROUP_TAGS` but done after ingestion. This require Resource Collection to be enabled. + `DD_FETCH_LAMBDA_TAGS` : Let the Forwarder fetch Lambda tags using GetResources API calls and apply them to logs, metrics, and traces. If set to true, permission `tag:GetResources` will be automatically added to the Lambda execution IAM role. `DD_FETCH_LOG_GROUP_TAGS` -: Let the forwarder fetch Log Group tags using ListTagsLogGroup and apply them to logs, metrics, and traces. If set to true, permission `logs:ListTagsForResource` will be automatically added to the Lambda execution IAM role. +: [DEPRECATED, use DD_ENRICH_CLOUDWATCH_TAG] Let the forwarder fetch Log Group tags using ListTagsLogGroup and apply them to logs, metrics, and traces. If set to true, permission `logs:ListTagsForResource` will be automatically added to the Lambda execution IAM role. `DD_FETCH_STEP_FUNCTIONS_TAGS` : Let the Forwarder fetch Step Functions tags using GetResources API calls and apply them to logs and traces (if Step Functions tracing is enabled). If set to true, permission `tag:GetResources` will be automatically added to the Lambda execution IAM role. diff --git a/aws/logs_monitoring/logs/datadog_http_client.py b/aws/logs_monitoring/logs/datadog_http_client.py index 67e5e2a03..79fa740bc 100644 --- a/aws/logs_monitoring/logs/datadog_http_client.py +++ b/aws/logs_monitoring/logs/datadog_http_client.py @@ -4,25 +4,41 @@ # Copyright 2021 Datadog, Inc. -import os import logging - +import os from concurrent.futures import as_completed + from requests_futures.sessions import FuturesSession -from logs.helpers import compress_logs -from logs.exceptions import ScrubbingException +from logs.exceptions import ScrubbingException +from logs.helpers import compress_logs from settings import ( - DD_USE_COMPRESSION, DD_COMPRESSION_LEVEL, - DD_MAX_WORKERS, DD_FORWARDER_VERSION, + DD_MAX_WORKERS, + DD_USE_COMPRESSION, + get_enrich_cloudwatch_tags, + get_enrich_s3_tags, ) logger = logging.getLogger() logger.setLevel(logging.getLevelName(os.environ.get("DD_LOG_LEVEL", "INFO").upper())) +def get_dd_storage_tag_header(): + storage_tag = "" + + if get_enrich_s3_tags(): + storage_tag += "s3" + + if get_enrich_cloudwatch_tags(): + if storage_tag != "": + storage_tag += "," + storage_tag += "cloudwatch" + + return storage_tag + + class DatadogHTTPClient(object): """ Client that sends a batch of logs over HTTP. @@ -37,6 +53,10 @@ class DatadogHTTPClient(object): _HEADERS["DD-EVP-ORIGIN"] = "aws_forwarder" _HEADERS["DD-EVP-ORIGIN-VERSION"] = DD_FORWARDER_VERSION + storage_tag = get_dd_storage_tag_header() + if storage_tag != "": + _HEADERS["DD-STORAGE-TAG"] = storage_tag + def __init__( self, host, port, no_ssl, skip_ssl_validation, api_key, scrubber, timeout=10 ): diff --git a/aws/logs_monitoring/settings.py b/aws/logs_monitoring/settings.py index 5385e56d1..a3915aaff 100644 --- a/aws/logs_monitoring/settings.py +++ b/aws/logs_monitoring/settings.py @@ -250,6 +250,13 @@ def __init__(self, name, pattern, placeholder, enabled=True): ) +DD_ENRICH_S3_TAGS = get_env_var("DD_ENRICH_S3_TAGS", default="true", boolean=True) + +DD_ENRICH_CLOUDWATCH_TAGS = get_env_var( + "DD_ENRICH_CLOUDWATCH_TAGS", default="false", boolean=True +) + + def get_fetch_s3_tags(): return DD_FETCH_S3_TAGS @@ -266,6 +273,14 @@ def get_fetch_step_functions_tags(): return DD_FETCH_STEP_FUNCTIONS_TAGS +def get_enrich_s3_tags(): + return DD_ENRICH_S3_TAGS + + +def get_enrich_cloudwatch_tags(): + return DD_ENRICH_CLOUDWATCH_TAGS + + DD_SOURCE = "ddsource" DD_CUSTOM_TAGS = "ddtags" DD_SERVICE = "service" From c9ec9aedec74c72dcffcf64d2d2365fff9af32df Mon Sep 17 00:00:00 2001 From: Vincent Boutour Date: Wed, 8 Oct 2025 16:01:43 +0200 Subject: [PATCH 2/5] feat(aws): AWSX-1566 Adding new variable in the cloudformation template Signed-off-by: Vincent Boutour --- aws/logs_monitoring/README.md | 6 +-- aws/logs_monitoring/settings.py | 2 +- aws/logs_monitoring/template.yaml | 26 +++++++++-- .../integration_tests/docker-compose.yml | 6 +-- .../integration_tests/integration_tests.sh | 2 +- ..._log_group_lambda_invocation.json~snapshot | 43 +------------------ .../snapshots/cloudwatch_log.json~snapshot | 43 +------------------ .../cloudwatch_log_cloudtrail.json~snapshot | 43 +------------------ .../cloudwatch_log_coldstart.json~snapshot | 42 ------------------ .../cloudwatch_log_custom_tags.json~snapshot | 15 +------ ...dwatch_log_lambda_invocation.json~snapshot | 43 +------------------ .../cloudwatch_log_service_tag.json~snapshot | 15 +------ .../cloudwatch_log_timeout.json~snapshot | 15 +------ .../step_functions_log.json~snapshot | 43 +------------------ 14 files changed, 38 insertions(+), 306 deletions(-) diff --git a/aws/logs_monitoring/README.md b/aws/logs_monitoring/README.md index 1948f7a5c..79a382088 100644 --- a/aws/logs_monitoring/README.md +++ b/aws/logs_monitoring/README.md @@ -568,16 +568,16 @@ To test different patterns against your logs, turn on [debug logs](#troubleshoot ### Advanced (optional) `DD_ENRICH_S3_TAGS` -: Instruct Datadog Backend to enrich a log coming from a S3 bucket with the tag attached to this bucket. It's the equivalent behavior of `DD_FETCH_S3_TAG` but done after ingestion. This require Resource Collection to be enabled. Enabled by default. +: Instruct Datadog backend to enrich a log coming from a S3 bucket with the tag attached to this bucket. It's the equivalent behavior of `DD_FETCH_S3_TAG` but done after ingestion. This require Resource Collection to be enabled. Flag is enabled by default. `DD_ENRICH_CLOUDWATCH_TAGS` -: Instruct Datadog Backend to enrich a log coming from a Cloudwatch logGroup with the tag attached to this logGroup. It's the equivalent behavior of `DD_FETCH_LOG_GROUP_TAGS` but done after ingestion. This require Resource Collection to be enabled. +: Instruct Datadog backend to enrich a log coming from a Cloudwatch logGroup with the tag attached to this logGroup. It's the equivalent behavior of `DD_FETCH_LOG_GROUP_TAGS` but done after ingestion. This require Resource Collection to be enabled. Flag is enabled by default. `DD_FETCH_LAMBDA_TAGS` : Let the Forwarder fetch Lambda tags using GetResources API calls and apply them to logs, metrics, and traces. If set to true, permission `tag:GetResources` will be automatically added to the Lambda execution IAM role. `DD_FETCH_LOG_GROUP_TAGS` -: [DEPRECATED, use DD_ENRICH_CLOUDWATCH_TAG] Let the forwarder fetch Log Group tags using ListTagsLogGroup and apply them to logs, metrics, and traces. If set to true, permission `logs:ListTagsForResource` will be automatically added to the Lambda execution IAM role. +: [DEPRECATED, use DD_ENRICH_CLOUDWATCH_TAGS] Let the forwarder fetch Log Group tags using ListTagsLogGroup and apply them to logs, metrics, and traces. If set to true, permission `logs:ListTagsForResource` will be automatically added to the Lambda execution IAM role. `DD_FETCH_STEP_FUNCTIONS_TAGS` : Let the Forwarder fetch Step Functions tags using GetResources API calls and apply them to logs and traces (if Step Functions tracing is enabled). If set to true, permission `tag:GetResources` will be automatically added to the Lambda execution IAM role. diff --git a/aws/logs_monitoring/settings.py b/aws/logs_monitoring/settings.py index a3915aaff..5c2c9334b 100644 --- a/aws/logs_monitoring/settings.py +++ b/aws/logs_monitoring/settings.py @@ -253,7 +253,7 @@ def __init__(self, name, pattern, placeholder, enabled=True): DD_ENRICH_S3_TAGS = get_env_var("DD_ENRICH_S3_TAGS", default="true", boolean=True) DD_ENRICH_CLOUDWATCH_TAGS = get_env_var( - "DD_ENRICH_CLOUDWATCH_TAGS", default="false", boolean=True + "DD_ENRICH_CLOUDWATCH_TAGS", default="true", boolean=True ) diff --git a/aws/logs_monitoring/template.yaml b/aws/logs_monitoring/template.yaml index 963bd2de4..b3ef6c873 100644 --- a/aws/logs_monitoring/template.yaml +++ b/aws/logs_monitoring/template.yaml @@ -75,6 +75,20 @@ Parameters: Type: String Default: "" Description: Add custom tags to forwarded logs, comma-delimited string, no trailing comma, e.g., env:prod,stack:classic + DdEnrichS3Tags: + Type: String + Default: true + AllowedValues: + - true + - false + Description: Instruct Datadog backend to enrich a log coming from a S3 bucket with the tag attached to this bucket. Datadog AWS Resource Collection needs to be enabled. + DdEnrichCloudwatchTags: + Type: String + Default: true + AllowedValues: + - true + - false + Description: Instruct Datadog backend to enrich a log coming from a Cloudwatch logGroup with the tag attached to this logGroup. Datadog AWS Resource Collection needs to be enabled. DdFetchLambdaTags: Type: String Default: true @@ -88,7 +102,7 @@ Parameters: AllowedValues: - true - false - Description: Let the forwarder fetch Log Group tags using ListTagsLogGroup and apply them to logs, metrics and traces. If set to true, permission logs:ListTagsLogGroup will be automatically added to the Lambda execution IAM role. The tags are cached in memory and S3 so that they'll only be fetched when the function cold starts or when the TTL (1 hour) expires. The forwarder increments the aws.lambda.enhanced.list_tags_log_group_api_call metric for each API call made. + Description: (DEPRECATED in favor of DdEnrichCloudwatchTags) Let the forwarder fetch Log Group tags using ListTagsLogGroup and apply them to logs, metrics and traces. If set to true, permission logs:ListTagsLogGroup will be automatically added to the Lambda execution IAM role. The tags are cached in memory and S3 so that they'll only be fetched when the function cold starts or when the TTL (1 hour) expires. The forwarder increments the aws.lambda.enhanced.list_tags_log_group_api_call metric for each API call made. DdFetchStepFunctionsTags: Type: String Default: true @@ -98,11 +112,11 @@ Parameters: Description: Let the forwarder fetch Step Functions tags using GetResources API calls and apply them to logs, metrics and traces. If set to true, permission tag:GetResources will be automatically added to the Lambda execution IAM role. The tags are cached in memory and S3 so that they'll only be fetched when the function cold starts or when the TTL (1 hour) expires. The forwarder increments the aws.lambda.enhanced.get_resources_api_calls metric for each API call made. DdFetchS3Tags: Type: String - Default: true + Default: false AllowedValues: - true - false - Description: Let the forwarder fetch S3 buckets tags using GetResources API calls and apply them to S3 based logs. If set to true, permission tag:GetResources will be automatically added to the Lambda execution IAM role. The tags are cached in memory and S3 so that they'll only be fetched when the function cold starts or when the TTL (1 hour) expires. The forwarder increments the aws.lambda.enhanced.get_resources_api_calls metric for each API call made. + Description: (DEPRECATED in favor of DdEnrichS3Tags) Let the forwarder fetch S3 buckets tags using GetResources API calls and apply them to S3 based logs. If set to true, permission tag:GetResources will be automatically added to the Lambda execution IAM role. The tags are cached in memory and S3 so that they'll only be fetched when the function cold starts or when the TTL (1 hour) expires. The forwarder increments the aws.lambda.enhanced.get_resources_api_calls metric for each API call made. DdNoSsl: Type: String Default: false @@ -448,11 +462,13 @@ Resources: - !Ref DdTags - !Ref AWS::NoValue DD_TAGS_CACHE_TTL_SECONDS: !Ref TagsCacheTTLSeconds + DD_ENRICH_S3_TAGS: !Ref DdEnrichS3Tags + DD_ENRICH_CLOUDWATCH_TAGS: !Ref DdEnrichCloudwatchTags + DD_FETCH_S3_TAGS: !Ref DdFetchS3Tags DD_FETCH_LAMBDA_TAGS: !If - SetDdFetchLambdaTags - !Ref DdFetchLambdaTags - !Ref AWS::NoValue - DD_FETCH_S3_TAGS: !Ref DdFetchS3Tags DD_FETCH_LOG_GROUP_TAGS: !If - SetDdFetchLogGroupTags - !Ref DdFetchLogGroupTags @@ -1018,6 +1034,8 @@ Metadata: - Label: default: Advanced (Optional) Parameters: + - DdEnrichS3Tags + - DdEnrichCloudwatchTags - DdFetchLambdaTags - DdFetchLogGroupTags - DdFetchStepFunctionsTags diff --git a/aws/logs_monitoring/tools/integration_tests/docker-compose.yml b/aws/logs_monitoring/tools/integration_tests/docker-compose.yml index 90e48ac5f..acf78f489 100644 --- a/aws/logs_monitoring/tools/integration_tests/docker-compose.yml +++ b/aws/logs_monitoring/tools/integration_tests/docker-compose.yml @@ -40,9 +40,9 @@ services: DD_USE_COMPRESSION: "false" DD_ADDITIONAL_TARGET_LAMBDAS: "${EXTERNAL_LAMBDAS}" DD_S3_BUCKET_NAME: "${DD_S3_BUCKET_NAME}" - DD_FETCH_LAMBDA_TAGS: "true" - DD_FETCH_LOG_GROUP_TAGS: "true" - DD_FETCH_STEP_FUNCTIONS_TAGS: "false" # intentionally set false to allow integration test for step function logs to run without hitting aws + DD_FETCH_LAMBDA_TAGS: "${DD_FETCH_LAMBDA_TAGS:-false}" + DD_FETCH_LOG_GROUP_TAGS: "${DD_FETCH_LOG_GROUP_TAGS:-false}" + DD_FETCH_STEP_FUNCTIONS_TAGS: "${DD_FETCH_STEP_FUNCTIONS_TAGS:-false}" DD_STORE_FAILED_EVENTS: "false" DD_TRACE_ENABLED: "true" expose: diff --git a/aws/logs_monitoring/tools/integration_tests/integration_tests.sh b/aws/logs_monitoring/tools/integration_tests/integration_tests.sh index 70e884212..bd65de87b 100755 --- a/aws/logs_monitoring/tools/integration_tests/integration_tests.sh +++ b/aws/logs_monitoring/tools/integration_tests/integration_tests.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # Unless explicitly stated otherwise all files in this repository are licensed # under the Apache License Version 2.0. diff --git a/aws/logs_monitoring/tools/integration_tests/snapshots/cloudwatch_customized_log_group_lambda_invocation.json~snapshot b/aws/logs_monitoring/tools/integration_tests/snapshots/cloudwatch_customized_log_group_lambda_invocation.json~snapshot index 23d7609f5..232957761 100644 --- a/aws/logs_monitoring/tools/integration_tests/snapshots/cloudwatch_customized_log_group_lambda_invocation.json~snapshot +++ b/aws/logs_monitoring/tools/integration_tests/snapshots/cloudwatch_customized_log_group_lambda_invocation.json~snapshot @@ -75,6 +75,7 @@ "DD-API-KEY": "abcdefghijklmnopqrstuvwxyz012345", "DD-EVP-ORIGIN": "aws_forwarder", "DD-EVP-ORIGIN-VERSION": "", + "DD-STORAGE-TAG": "s3,cloudwatch", "Host": "recorder:8080", "User-Agent": "", "traceparent": "", @@ -90,48 +91,6 @@ { "data": { "series": [ - { - "device": null, - "host": null, - "interval": 10, - "metric": "aws.dd_forwarder.loggroup_cache_fetch_failure", - "points": "", - "tags": [ - "forwardername:test_function", - "forwarder_memorysize:3008", - "forwarder_version:", - "event_type:awslogs" - ], - "type": "distribution" - }, - { - "device": null, - "host": null, - "interval": 10, - "metric": "aws.dd_forwarder.list_tags_log_group_api_call", - "points": "", - "tags": [ - "forwardername:test_function", - "forwarder_memorysize:3008", - "forwarder_version:", - "event_type:awslogs" - ], - "type": "distribution" - }, - { - "device": null, - "host": null, - "interval": 10, - "metric": "aws.dd_forwarder.loggroup_cache_write_failure", - "points": "", - "tags": [ - "forwardername:test_function", - "forwarder_memorysize:3008", - "forwarder_version:", - "event_type:awslogs" - ], - "type": "distribution" - }, { "device": null, "host": null, diff --git a/aws/logs_monitoring/tools/integration_tests/snapshots/cloudwatch_log.json~snapshot b/aws/logs_monitoring/tools/integration_tests/snapshots/cloudwatch_log.json~snapshot index ed83e290e..1efc9ae27 100644 --- a/aws/logs_monitoring/tools/integration_tests/snapshots/cloudwatch_log.json~snapshot +++ b/aws/logs_monitoring/tools/integration_tests/snapshots/cloudwatch_log.json~snapshot @@ -48,6 +48,7 @@ "DD-API-KEY": "abcdefghijklmnopqrstuvwxyz012345", "DD-EVP-ORIGIN": "aws_forwarder", "DD-EVP-ORIGIN-VERSION": "", + "DD-STORAGE-TAG": "s3,cloudwatch", "Host": "recorder:8080", "User-Agent": "", "traceparent": "", @@ -63,48 +64,6 @@ { "data": { "series": [ - { - "device": null, - "host": null, - "interval": 10, - "metric": "aws.dd_forwarder.loggroup_cache_fetch_failure", - "points": "", - "tags": [ - "forwardername:test_function", - "forwarder_memorysize:3008", - "forwarder_version:", - "event_type:awslogs" - ], - "type": "distribution" - }, - { - "device": null, - "host": null, - "interval": 10, - "metric": "aws.dd_forwarder.list_tags_log_group_api_call", - "points": "", - "tags": [ - "forwardername:test_function", - "forwarder_memorysize:3008", - "forwarder_version:", - "event_type:awslogs" - ], - "type": "distribution" - }, - { - "device": null, - "host": null, - "interval": 10, - "metric": "aws.dd_forwarder.loggroup_cache_write_failure", - "points": "", - "tags": [ - "forwardername:test_function", - "forwarder_memorysize:3008", - "forwarder_version:", - "event_type:awslogs" - ], - "type": "distribution" - }, { "device": null, "host": null, diff --git a/aws/logs_monitoring/tools/integration_tests/snapshots/cloudwatch_log_cloudtrail.json~snapshot b/aws/logs_monitoring/tools/integration_tests/snapshots/cloudwatch_log_cloudtrail.json~snapshot index d1cc0ee2f..abf23f97f 100644 --- a/aws/logs_monitoring/tools/integration_tests/snapshots/cloudwatch_log_cloudtrail.json~snapshot +++ b/aws/logs_monitoring/tools/integration_tests/snapshots/cloudwatch_log_cloudtrail.json~snapshot @@ -84,6 +84,7 @@ "DD-API-KEY": "abcdefghijklmnopqrstuvwxyz012345", "DD-EVP-ORIGIN": "aws_forwarder", "DD-EVP-ORIGIN-VERSION": "", + "DD-STORAGE-TAG": "s3,cloudwatch", "Host": "recorder:8080", "User-Agent": "", "traceparent": "", @@ -99,48 +100,6 @@ { "data": { "series": [ - { - "device": null, - "host": null, - "interval": 10, - "metric": "aws.dd_forwarder.loggroup_cache_fetch_failure", - "points": "", - "tags": [ - "forwardername:test_function", - "forwarder_memorysize:3008", - "forwarder_version:", - "event_type:awslogs" - ], - "type": "distribution" - }, - { - "device": null, - "host": null, - "interval": 10, - "metric": "aws.dd_forwarder.list_tags_log_group_api_call", - "points": "", - "tags": [ - "forwardername:test_function", - "forwarder_memorysize:3008", - "forwarder_version:", - "event_type:awslogs" - ], - "type": "distribution" - }, - { - "device": null, - "host": null, - "interval": 10, - "metric": "aws.dd_forwarder.loggroup_cache_write_failure", - "points": "", - "tags": [ - "forwardername:test_function", - "forwarder_memorysize:3008", - "forwarder_version:", - "event_type:awslogs" - ], - "type": "distribution" - }, { "device": null, "host": null, diff --git a/aws/logs_monitoring/tools/integration_tests/snapshots/cloudwatch_log_coldstart.json~snapshot b/aws/logs_monitoring/tools/integration_tests/snapshots/cloudwatch_log_coldstart.json~snapshot index 006fa5866..408187aeb 100644 --- a/aws/logs_monitoring/tools/integration_tests/snapshots/cloudwatch_log_coldstart.json~snapshot +++ b/aws/logs_monitoring/tools/integration_tests/snapshots/cloudwatch_log_coldstart.json~snapshot @@ -3,48 +3,6 @@ { "data": { "series": [ - { - "device": null, - "host": null, - "interval": 10, - "metric": "aws.dd_forwarder.loggroup_cache_fetch_failure", - "points": "", - "tags": [ - "forwardername:test_function", - "forwarder_memorysize:3008", - "forwarder_version:", - "event_type:awslogs" - ], - "type": "distribution" - }, - { - "device": null, - "host": null, - "interval": 10, - "metric": "aws.dd_forwarder.list_tags_log_group_api_call", - "points": "", - "tags": [ - "forwardername:test_function", - "forwarder_memorysize:3008", - "forwarder_version:", - "event_type:awslogs" - ], - "type": "distribution" - }, - { - "device": null, - "host": null, - "interval": 10, - "metric": "aws.dd_forwarder.loggroup_cache_write_failure", - "points": "", - "tags": [ - "forwardername:test_function", - "forwarder_memorysize:3008", - "forwarder_version:", - "event_type:awslogs" - ], - "type": "distribution" - }, { "device": null, "host": null, diff --git a/aws/logs_monitoring/tools/integration_tests/snapshots/cloudwatch_log_custom_tags.json~snapshot b/aws/logs_monitoring/tools/integration_tests/snapshots/cloudwatch_log_custom_tags.json~snapshot index d68d0a08c..378e89640 100644 --- a/aws/logs_monitoring/tools/integration_tests/snapshots/cloudwatch_log_custom_tags.json~snapshot +++ b/aws/logs_monitoring/tools/integration_tests/snapshots/cloudwatch_log_custom_tags.json~snapshot @@ -30,6 +30,7 @@ "DD-API-KEY": "abcdefghijklmnopqrstuvwxyz012345", "DD-EVP-ORIGIN": "aws_forwarder", "DD-EVP-ORIGIN-VERSION": "", + "DD-STORAGE-TAG": "s3,cloudwatch", "Host": "recorder:8080", "User-Agent": "", "traceparent": "", @@ -45,20 +46,6 @@ { "data": { "series": [ - { - "device": null, - "host": null, - "interval": 10, - "metric": "aws.dd_forwarder.loggroup_local_cache_hit", - "points": "", - "tags": [ - "forwardername:test_function", - "forwarder_memorysize:3008", - "forwarder_version:", - "event_type:awslogs" - ], - "type": "distribution" - }, { "device": null, "host": null, diff --git a/aws/logs_monitoring/tools/integration_tests/snapshots/cloudwatch_log_lambda_invocation.json~snapshot b/aws/logs_monitoring/tools/integration_tests/snapshots/cloudwatch_log_lambda_invocation.json~snapshot index 328e4384b..9ddbd3c4f 100644 --- a/aws/logs_monitoring/tools/integration_tests/snapshots/cloudwatch_log_lambda_invocation.json~snapshot +++ b/aws/logs_monitoring/tools/integration_tests/snapshots/cloudwatch_log_lambda_invocation.json~snapshot @@ -348,6 +348,7 @@ "DD-API-KEY": "abcdefghijklmnopqrstuvwxyz012345", "DD-EVP-ORIGIN": "aws_forwarder", "DD-EVP-ORIGIN-VERSION": "", + "DD-STORAGE-TAG": "s3,cloudwatch", "Host": "recorder:8080", "User-Agent": "", "traceparent": "", @@ -717,48 +718,6 @@ { "data": { "series": [ - { - "device": null, - "host": null, - "interval": 10, - "metric": "aws.dd_forwarder.loggroup_cache_fetch_failure", - "points": "", - "tags": [ - "forwardername:test_function", - "forwarder_memorysize:3008", - "forwarder_version:", - "event_type:awslogs" - ], - "type": "distribution" - }, - { - "device": null, - "host": null, - "interval": 10, - "metric": "aws.dd_forwarder.list_tags_log_group_api_call", - "points": "", - "tags": [ - "forwardername:test_function", - "forwarder_memorysize:3008", - "forwarder_version:", - "event_type:awslogs" - ], - "type": "distribution" - }, - { - "device": null, - "host": null, - "interval": 10, - "metric": "aws.dd_forwarder.loggroup_cache_write_failure", - "points": "", - "tags": [ - "forwardername:test_function", - "forwarder_memorysize:3008", - "forwarder_version:", - "event_type:awslogs" - ], - "type": "distribution" - }, { "device": null, "host": null, diff --git a/aws/logs_monitoring/tools/integration_tests/snapshots/cloudwatch_log_service_tag.json~snapshot b/aws/logs_monitoring/tools/integration_tests/snapshots/cloudwatch_log_service_tag.json~snapshot index ace4aa562..3581a7828 100644 --- a/aws/logs_monitoring/tools/integration_tests/snapshots/cloudwatch_log_service_tag.json~snapshot +++ b/aws/logs_monitoring/tools/integration_tests/snapshots/cloudwatch_log_service_tag.json~snapshot @@ -30,6 +30,7 @@ "DD-API-KEY": "abcdefghijklmnopqrstuvwxyz012345", "DD-EVP-ORIGIN": "aws_forwarder", "DD-EVP-ORIGIN-VERSION": "", + "DD-STORAGE-TAG": "s3,cloudwatch", "Host": "recorder:8080", "User-Agent": "", "traceparent": "", @@ -45,20 +46,6 @@ { "data": { "series": [ - { - "device": null, - "host": null, - "interval": 10, - "metric": "aws.dd_forwarder.loggroup_local_cache_hit", - "points": "", - "tags": [ - "forwardername:test_function", - "forwarder_memorysize:3008", - "forwarder_version:", - "event_type:awslogs" - ], - "type": "distribution" - }, { "device": null, "host": null, diff --git a/aws/logs_monitoring/tools/integration_tests/snapshots/cloudwatch_log_timeout.json~snapshot b/aws/logs_monitoring/tools/integration_tests/snapshots/cloudwatch_log_timeout.json~snapshot index d65c8dec2..d96425609 100644 --- a/aws/logs_monitoring/tools/integration_tests/snapshots/cloudwatch_log_timeout.json~snapshot +++ b/aws/logs_monitoring/tools/integration_tests/snapshots/cloudwatch_log_timeout.json~snapshot @@ -96,6 +96,7 @@ "DD-API-KEY": "abcdefghijklmnopqrstuvwxyz012345", "DD-EVP-ORIGIN": "aws_forwarder", "DD-EVP-ORIGIN-VERSION": "", + "DD-STORAGE-TAG": "s3,cloudwatch", "Host": "recorder:8080", "User-Agent": "", "traceparent": "", @@ -111,20 +112,6 @@ { "data": { "series": [ - { - "device": null, - "host": null, - "interval": 10, - "metric": "aws.dd_forwarder.loggroup_local_cache_hit", - "points": "", - "tags": [ - "forwardername:test_function", - "forwarder_memorysize:3008", - "forwarder_version:", - "event_type:awslogs" - ], - "type": "distribution" - }, { "device": null, "host": null, diff --git a/aws/logs_monitoring/tools/integration_tests/snapshots/step_functions_log.json~snapshot b/aws/logs_monitoring/tools/integration_tests/snapshots/step_functions_log.json~snapshot index 38015a018..10e77ed1f 100644 --- a/aws/logs_monitoring/tools/integration_tests/snapshots/step_functions_log.json~snapshot +++ b/aws/logs_monitoring/tools/integration_tests/snapshots/step_functions_log.json~snapshot @@ -30,6 +30,7 @@ "DD-API-KEY": "abcdefghijklmnopqrstuvwxyz012345", "DD-EVP-ORIGIN": "aws_forwarder", "DD-EVP-ORIGIN-VERSION": "", + "DD-STORAGE-TAG": "s3,cloudwatch", "Host": "recorder:8080", "User-Agent": "", "traceparent": "", @@ -45,48 +46,6 @@ { "data": { "series": [ - { - "device": null, - "host": null, - "interval": 10, - "metric": "aws.dd_forwarder.loggroup_cache_fetch_failure", - "points": "", - "tags": [ - "forwardername:test_function", - "forwarder_memorysize:3008", - "forwarder_version:", - "event_type:awslogs" - ], - "type": "distribution" - }, - { - "device": null, - "host": null, - "interval": 10, - "metric": "aws.dd_forwarder.list_tags_log_group_api_call", - "points": "", - "tags": [ - "forwardername:test_function", - "forwarder_memorysize:3008", - "forwarder_version:", - "event_type:awslogs" - ], - "type": "distribution" - }, - { - "device": null, - "host": null, - "interval": 10, - "metric": "aws.dd_forwarder.loggroup_cache_write_failure", - "points": "", - "tags": [ - "forwardername:test_function", - "forwarder_memorysize:3008", - "forwarder_version:", - "event_type:awslogs" - ], - "type": "distribution" - }, { "device": null, "host": null, From 69d7021c695e79a51d7cd7c42aa81b4f35318dba Mon Sep 17 00:00:00 2001 From: Vincent Boutour Date: Tue, 14 Oct 2025 17:58:14 +0200 Subject: [PATCH 3/5] feat: AWSX-1566 Restoring fetch in the integration test to see metrics Signed-off-by: Vincent Boutour --- aws/logs_monitoring/settings.py | 10 +++++ aws/logs_monitoring/tools/build_bundle.sh | 2 +- .../integration_tests/integration_tests.sh | 3 +- ..._log_group_lambda_invocation.json~snapshot | 42 +++++++++++++++++++ .../snapshots/cloudwatch_log.json~snapshot | 42 +++++++++++++++++++ .../cloudwatch_log_cloudtrail.json~snapshot | 42 +++++++++++++++++++ .../cloudwatch_log_coldstart.json~snapshot | 42 +++++++++++++++++++ .../cloudwatch_log_custom_tags.json~snapshot | 14 +++++++ ...dwatch_log_lambda_invocation.json~snapshot | 42 +++++++++++++++++++ .../cloudwatch_log_service_tag.json~snapshot | 14 +++++++ .../cloudwatch_log_timeout.json~snapshot | 14 +++++++ .../step_functions_log.json~snapshot | 42 +++++++++++++++++++ 12 files changed, 307 insertions(+), 2 deletions(-) diff --git a/aws/logs_monitoring/settings.py b/aws/logs_monitoring/settings.py index 5c2c9334b..5db1f4f58 100644 --- a/aws/logs_monitoring/settings.py +++ b/aws/logs_monitoring/settings.py @@ -256,6 +256,16 @@ def __init__(self, name, pattern, placeholder, enabled=True): "DD_ENRICH_CLOUDWATCH_TAGS", default="true", boolean=True ) +if DD_FETCH_S3_TAGS and DD_ENRICH_S3_TAGS: + logger.warn( + "Enabling both DD_FETCH_S3_TAGS and DD_ENRICH_S3_TAGS might be unwanted" + ) + +if DD_FETCH_LOG_GROUP_TAGS and DD_ENRICH_CLOUDWATCH_TAGS: + logger.warn( + "Enabling both DD_FETCH_LOG_GROUP_TAGS and DD_ENRICH_CLOUDWATCH_TAGS might be unwanted" + ) + def get_fetch_s3_tags(): return DD_FETCH_S3_TAGS diff --git a/aws/logs_monitoring/tools/build_bundle.sh b/aws/logs_monitoring/tools/build_bundle.sh index 1f0669c4a..df450b3c2 100755 --- a/aws/logs_monitoring/tools/build_bundle.sh +++ b/aws/logs_monitoring/tools/build_bundle.sh @@ -64,7 +64,7 @@ docker_build_zip() { # between different python runtimes. temp_dir=$(mktemp -d) - docker buildx build --platform linux/arm64 --file "${DIR}/Dockerfile_bundle" -t "datadog-bundle:$1" .. --no-cache --build-arg "runtime=${PYTHON_VERSION}" + docker buildx build --platform linux/arm64 --file "${DIR}/Dockerfile_bundle" -t "datadog-bundle:$1" .. --no-cache --build-arg "runtime=${PYTHON_VERSION}" # Run the image by runtime tag, tar its generated `python` directory to sdout, # then extract it to a temp directory. diff --git a/aws/logs_monitoring/tools/integration_tests/integration_tests.sh b/aws/logs_monitoring/tools/integration_tests/integration_tests.sh index bd65de87b..8848b5599 100755 --- a/aws/logs_monitoring/tools/integration_tests/integration_tests.sh +++ b/aws/logs_monitoring/tools/integration_tests/integration_tests.sh @@ -21,6 +21,7 @@ SNAPS=($SNAPSHOT_DIR) ADDITIONAL_LAMBDA=false CACHE_TEST=false DD_FETCH_LAMBDA_TAGS="true" +DD_FETCH_LOG_GROUP_TAGS="true" DD_FETCH_STEP_FUNCTIONS_TAGS="true" script_start_time=$(date -u +"%Y-%m-%dT%H:%M:%SZ") @@ -37,7 +38,6 @@ for arg in "$@"; do shift ;; - # -u or --update # Update the snapshots to reflect this test run -u | --update) @@ -152,6 +152,7 @@ LOG_LEVEL=${LOG_LEVEL} \ AWS_ACCOUNT_ID=${AWS_ACCOUNT_ID} \ SNAPSHOTS_DIR_NAME="./${SNAPSHOTS_DIR_NAME}" \ DD_FETCH_LAMBDA_TAGS=${DD_FETCH_LAMBDA_TAGS} \ + DD_FETCH_LOG_GROUP_TAGS=${DD_FETCH_LOG_GROUP_TAGS} \ DD_FETCH_STEP_FUNCTIONS_TAGS=${DD_FETCH_STEP_FUNCTIONS_TAGS} \ docker compose up --build --abort-on-container-exit diff --git a/aws/logs_monitoring/tools/integration_tests/snapshots/cloudwatch_customized_log_group_lambda_invocation.json~snapshot b/aws/logs_monitoring/tools/integration_tests/snapshots/cloudwatch_customized_log_group_lambda_invocation.json~snapshot index 232957761..fd481ba52 100644 --- a/aws/logs_monitoring/tools/integration_tests/snapshots/cloudwatch_customized_log_group_lambda_invocation.json~snapshot +++ b/aws/logs_monitoring/tools/integration_tests/snapshots/cloudwatch_customized_log_group_lambda_invocation.json~snapshot @@ -91,6 +91,48 @@ { "data": { "series": [ + { + "device": null, + "host": null, + "interval": 10, + "metric": "aws.dd_forwarder.loggroup_cache_fetch_failure", + "points": "", + "tags": [ + "forwardername:test_function", + "forwarder_memorysize:3008", + "forwarder_version:", + "event_type:awslogs" + ], + "type": "distribution" + }, + { + "device": null, + "host": null, + "interval": 10, + "metric": "aws.dd_forwarder.list_tags_log_group_api_call", + "points": "", + "tags": [ + "forwardername:test_function", + "forwarder_memorysize:3008", + "forwarder_version:", + "event_type:awslogs" + ], + "type": "distribution" + }, + { + "device": null, + "host": null, + "interval": 10, + "metric": "aws.dd_forwarder.loggroup_cache_write_failure", + "points": "", + "tags": [ + "forwardername:test_function", + "forwarder_memorysize:3008", + "forwarder_version:", + "event_type:awslogs" + ], + "type": "distribution" + }, { "device": null, "host": null, diff --git a/aws/logs_monitoring/tools/integration_tests/snapshots/cloudwatch_log.json~snapshot b/aws/logs_monitoring/tools/integration_tests/snapshots/cloudwatch_log.json~snapshot index 1efc9ae27..3ea06e7e9 100644 --- a/aws/logs_monitoring/tools/integration_tests/snapshots/cloudwatch_log.json~snapshot +++ b/aws/logs_monitoring/tools/integration_tests/snapshots/cloudwatch_log.json~snapshot @@ -64,6 +64,48 @@ { "data": { "series": [ + { + "device": null, + "host": null, + "interval": 10, + "metric": "aws.dd_forwarder.loggroup_cache_fetch_failure", + "points": "", + "tags": [ + "forwardername:test_function", + "forwarder_memorysize:3008", + "forwarder_version:", + "event_type:awslogs" + ], + "type": "distribution" + }, + { + "device": null, + "host": null, + "interval": 10, + "metric": "aws.dd_forwarder.list_tags_log_group_api_call", + "points": "", + "tags": [ + "forwardername:test_function", + "forwarder_memorysize:3008", + "forwarder_version:", + "event_type:awslogs" + ], + "type": "distribution" + }, + { + "device": null, + "host": null, + "interval": 10, + "metric": "aws.dd_forwarder.loggroup_cache_write_failure", + "points": "", + "tags": [ + "forwardername:test_function", + "forwarder_memorysize:3008", + "forwarder_version:", + "event_type:awslogs" + ], + "type": "distribution" + }, { "device": null, "host": null, diff --git a/aws/logs_monitoring/tools/integration_tests/snapshots/cloudwatch_log_cloudtrail.json~snapshot b/aws/logs_monitoring/tools/integration_tests/snapshots/cloudwatch_log_cloudtrail.json~snapshot index abf23f97f..3fc79dadd 100644 --- a/aws/logs_monitoring/tools/integration_tests/snapshots/cloudwatch_log_cloudtrail.json~snapshot +++ b/aws/logs_monitoring/tools/integration_tests/snapshots/cloudwatch_log_cloudtrail.json~snapshot @@ -100,6 +100,48 @@ { "data": { "series": [ + { + "device": null, + "host": null, + "interval": 10, + "metric": "aws.dd_forwarder.loggroup_cache_fetch_failure", + "points": "", + "tags": [ + "forwardername:test_function", + "forwarder_memorysize:3008", + "forwarder_version:", + "event_type:awslogs" + ], + "type": "distribution" + }, + { + "device": null, + "host": null, + "interval": 10, + "metric": "aws.dd_forwarder.list_tags_log_group_api_call", + "points": "", + "tags": [ + "forwardername:test_function", + "forwarder_memorysize:3008", + "forwarder_version:", + "event_type:awslogs" + ], + "type": "distribution" + }, + { + "device": null, + "host": null, + "interval": 10, + "metric": "aws.dd_forwarder.loggroup_cache_write_failure", + "points": "", + "tags": [ + "forwardername:test_function", + "forwarder_memorysize:3008", + "forwarder_version:", + "event_type:awslogs" + ], + "type": "distribution" + }, { "device": null, "host": null, diff --git a/aws/logs_monitoring/tools/integration_tests/snapshots/cloudwatch_log_coldstart.json~snapshot b/aws/logs_monitoring/tools/integration_tests/snapshots/cloudwatch_log_coldstart.json~snapshot index 408187aeb..006fa5866 100644 --- a/aws/logs_monitoring/tools/integration_tests/snapshots/cloudwatch_log_coldstart.json~snapshot +++ b/aws/logs_monitoring/tools/integration_tests/snapshots/cloudwatch_log_coldstart.json~snapshot @@ -3,6 +3,48 @@ { "data": { "series": [ + { + "device": null, + "host": null, + "interval": 10, + "metric": "aws.dd_forwarder.loggroup_cache_fetch_failure", + "points": "", + "tags": [ + "forwardername:test_function", + "forwarder_memorysize:3008", + "forwarder_version:", + "event_type:awslogs" + ], + "type": "distribution" + }, + { + "device": null, + "host": null, + "interval": 10, + "metric": "aws.dd_forwarder.list_tags_log_group_api_call", + "points": "", + "tags": [ + "forwardername:test_function", + "forwarder_memorysize:3008", + "forwarder_version:", + "event_type:awslogs" + ], + "type": "distribution" + }, + { + "device": null, + "host": null, + "interval": 10, + "metric": "aws.dd_forwarder.loggroup_cache_write_failure", + "points": "", + "tags": [ + "forwardername:test_function", + "forwarder_memorysize:3008", + "forwarder_version:", + "event_type:awslogs" + ], + "type": "distribution" + }, { "device": null, "host": null, diff --git a/aws/logs_monitoring/tools/integration_tests/snapshots/cloudwatch_log_custom_tags.json~snapshot b/aws/logs_monitoring/tools/integration_tests/snapshots/cloudwatch_log_custom_tags.json~snapshot index 378e89640..0fa74be37 100644 --- a/aws/logs_monitoring/tools/integration_tests/snapshots/cloudwatch_log_custom_tags.json~snapshot +++ b/aws/logs_monitoring/tools/integration_tests/snapshots/cloudwatch_log_custom_tags.json~snapshot @@ -46,6 +46,20 @@ { "data": { "series": [ + { + "device": null, + "host": null, + "interval": 10, + "metric": "aws.dd_forwarder.loggroup_local_cache_hit", + "points": "", + "tags": [ + "forwardername:test_function", + "forwarder_memorysize:3008", + "forwarder_version:", + "event_type:awslogs" + ], + "type": "distribution" + }, { "device": null, "host": null, diff --git a/aws/logs_monitoring/tools/integration_tests/snapshots/cloudwatch_log_lambda_invocation.json~snapshot b/aws/logs_monitoring/tools/integration_tests/snapshots/cloudwatch_log_lambda_invocation.json~snapshot index 9ddbd3c4f..85a2beba8 100644 --- a/aws/logs_monitoring/tools/integration_tests/snapshots/cloudwatch_log_lambda_invocation.json~snapshot +++ b/aws/logs_monitoring/tools/integration_tests/snapshots/cloudwatch_log_lambda_invocation.json~snapshot @@ -718,6 +718,48 @@ { "data": { "series": [ + { + "device": null, + "host": null, + "interval": 10, + "metric": "aws.dd_forwarder.loggroup_cache_fetch_failure", + "points": "", + "tags": [ + "forwardername:test_function", + "forwarder_memorysize:3008", + "forwarder_version:", + "event_type:awslogs" + ], + "type": "distribution" + }, + { + "device": null, + "host": null, + "interval": 10, + "metric": "aws.dd_forwarder.list_tags_log_group_api_call", + "points": "", + "tags": [ + "forwardername:test_function", + "forwarder_memorysize:3008", + "forwarder_version:", + "event_type:awslogs" + ], + "type": "distribution" + }, + { + "device": null, + "host": null, + "interval": 10, + "metric": "aws.dd_forwarder.loggroup_cache_write_failure", + "points": "", + "tags": [ + "forwardername:test_function", + "forwarder_memorysize:3008", + "forwarder_version:", + "event_type:awslogs" + ], + "type": "distribution" + }, { "device": null, "host": null, diff --git a/aws/logs_monitoring/tools/integration_tests/snapshots/cloudwatch_log_service_tag.json~snapshot b/aws/logs_monitoring/tools/integration_tests/snapshots/cloudwatch_log_service_tag.json~snapshot index 3581a7828..d94a7f450 100644 --- a/aws/logs_monitoring/tools/integration_tests/snapshots/cloudwatch_log_service_tag.json~snapshot +++ b/aws/logs_monitoring/tools/integration_tests/snapshots/cloudwatch_log_service_tag.json~snapshot @@ -46,6 +46,20 @@ { "data": { "series": [ + { + "device": null, + "host": null, + "interval": 10, + "metric": "aws.dd_forwarder.loggroup_local_cache_hit", + "points": "", + "tags": [ + "forwardername:test_function", + "forwarder_memorysize:3008", + "forwarder_version:", + "event_type:awslogs" + ], + "type": "distribution" + }, { "device": null, "host": null, diff --git a/aws/logs_monitoring/tools/integration_tests/snapshots/cloudwatch_log_timeout.json~snapshot b/aws/logs_monitoring/tools/integration_tests/snapshots/cloudwatch_log_timeout.json~snapshot index d96425609..cc54f2a3b 100644 --- a/aws/logs_monitoring/tools/integration_tests/snapshots/cloudwatch_log_timeout.json~snapshot +++ b/aws/logs_monitoring/tools/integration_tests/snapshots/cloudwatch_log_timeout.json~snapshot @@ -112,6 +112,20 @@ { "data": { "series": [ + { + "device": null, + "host": null, + "interval": 10, + "metric": "aws.dd_forwarder.loggroup_local_cache_hit", + "points": "", + "tags": [ + "forwardername:test_function", + "forwarder_memorysize:3008", + "forwarder_version:", + "event_type:awslogs" + ], + "type": "distribution" + }, { "device": null, "host": null, diff --git a/aws/logs_monitoring/tools/integration_tests/snapshots/step_functions_log.json~snapshot b/aws/logs_monitoring/tools/integration_tests/snapshots/step_functions_log.json~snapshot index 10e77ed1f..09a539383 100644 --- a/aws/logs_monitoring/tools/integration_tests/snapshots/step_functions_log.json~snapshot +++ b/aws/logs_monitoring/tools/integration_tests/snapshots/step_functions_log.json~snapshot @@ -46,6 +46,48 @@ { "data": { "series": [ + { + "device": null, + "host": null, + "interval": 10, + "metric": "aws.dd_forwarder.loggroup_cache_fetch_failure", + "points": "", + "tags": [ + "forwardername:test_function", + "forwarder_memorysize:3008", + "forwarder_version:", + "event_type:awslogs" + ], + "type": "distribution" + }, + { + "device": null, + "host": null, + "interval": 10, + "metric": "aws.dd_forwarder.list_tags_log_group_api_call", + "points": "", + "tags": [ + "forwardername:test_function", + "forwarder_memorysize:3008", + "forwarder_version:", + "event_type:awslogs" + ], + "type": "distribution" + }, + { + "device": null, + "host": null, + "interval": 10, + "metric": "aws.dd_forwarder.loggroup_cache_write_failure", + "points": "", + "tags": [ + "forwardername:test_function", + "forwarder_memorysize:3008", + "forwarder_version:", + "event_type:awslogs" + ], + "type": "distribution" + }, { "device": null, "host": null, From c09d2a3e6a146d79d6e6de54f4a999f25e539074 Mon Sep 17 00:00:00 2001 From: Vincent Boutour Date: Thu, 16 Oct 2025 13:56:06 +0200 Subject: [PATCH 4/5] fixup! feat: AWSX-1566 Restoring fetch in the integration test to see metrics Signed-off-by: Vincent Boutour --- aws/logs_monitoring/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/aws/logs_monitoring/README.md b/aws/logs_monitoring/README.md index 79a382088..96b398184 100644 --- a/aws/logs_monitoring/README.md +++ b/aws/logs_monitoring/README.md @@ -568,10 +568,10 @@ To test different patterns against your logs, turn on [debug logs](#troubleshoot ### Advanced (optional) `DD_ENRICH_S3_TAGS` -: Instruct Datadog backend to enrich a log coming from a S3 bucket with the tag attached to this bucket. It's the equivalent behavior of `DD_FETCH_S3_TAG` but done after ingestion. This require Resource Collection to be enabled. Flag is enabled by default. +: Enabled by default. When enabled, instructs the Datadog backend to automatically enrich logs originating from S3 buckets with the tags associated with those buckets. This approach offers the same tag enrichment as `DD_FETCH_S3_TAGS` but defers the operation after log ingestion, reducing Forwarder overhead. Requires https://docs.datadoghq.com/integrations/amazon-web-services/#resource-collection to be enabled in your AWS integration. `DD_ENRICH_CLOUDWATCH_TAGS` -: Instruct Datadog backend to enrich a log coming from a Cloudwatch logGroup with the tag attached to this logGroup. It's the equivalent behavior of `DD_FETCH_LOG_GROUP_TAGS` but done after ingestion. This require Resource Collection to be enabled. Flag is enabled by default. +: Enabled by default. When enabled, instructs the Datadog backend to automatically enrich logs originating from Cloudwatch LogGrouo with the tags associated with those log groups. This approach offers the same tag enrichment as `DD_FETCH_LOG_GROUP_TAGS` but defers the operation after log ingestion, reducing Forwarder overhead. Requires https://docs.datadoghq.com/integrations/amazon-web-services/#resource-collection to be enabled in your AWS integration. `DD_FETCH_LAMBDA_TAGS` : Let the Forwarder fetch Lambda tags using GetResources API calls and apply them to logs, metrics, and traces. If set to true, permission `tag:GetResources` will be automatically added to the Lambda execution IAM role. From 49b885b9bf7898d37ae93dd25e01244e97fe5f82 Mon Sep 17 00:00:00 2001 From: Vincent Boutour Date: Thu, 16 Oct 2025 14:06:52 +0200 Subject: [PATCH 5/5] docs(aws): AWSX-1566 Refine documentation around the new variable Signed-off-by: Vincent Boutour --- aws/logs_monitoring/README.md | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/aws/logs_monitoring/README.md b/aws/logs_monitoring/README.md index 96b398184..4dd97323f 100644 --- a/aws/logs_monitoring/README.md +++ b/aws/logs_monitoring/README.md @@ -278,7 +278,7 @@ You can run the Forwarder in a VPC private subnet and send data to Datadog over 3. When installing the Forwarder with the CloudFormation template: 1. Set `DdUseVPC` to `true`. 2. Set `VPCSecurityGroupIds` and `VPCSubnetIds` based on your VPC settings. - 3. Set `DdFetchLambdaTags`, `DdFetchStepFunctionsTags` and `DdFetchS3Tags` to `false`, because AWS Resource Groups Tagging API doesn't support PrivateLink. + 3. Set `DdFetchLambdaTags`, `DdFetchStepFunctionsTags`, and `DdFetchS3Tags` to `false`, because AWS Resource Groups Tagging API doesn't support PrivateLink. ### AWS VPC and proxy support @@ -287,7 +287,7 @@ If you must deploy the Forwarder to a VPC without direct public internet access, 1. Unless the Forwarder is deployed to a public subnet, follow the [instructions][15] to add endpoints for Secrets Manager and S3 to the VPC, so that the Forwarder can access those services. 2. Update your proxy with following configurations ([HAProxy][17] or [NGINX][18]). If you are using another proxy, or Web Proxy, allowlist the Datadog domain, for example: `.{{< region-param key="dd_site" code="true" >}}`. 3. When installing the Forwarder with the CloudFormation template, set `DdUseVPC`, `VPCSecurityGroupIds`, and `VPCSubnetIds`. -4. Ensure the `DdFetchLambdaTags`, `DdFetchStepFunctionsTags` and `DdFetchS3Tags` options are disabled, because AWS VPC does not yet offer an endpoint for the Resource Groups Tagging API. +4. Ensure the `DdFetchLambdaTags`, `DdFetchStepFunctionsTags`, and `DdFetchS3Tags` options are disabled, because AWS VPC does not yet offer an endpoint for the Resource Groups Tagging API. 5. If you are using HAProxy or NGINX: - Set `DdApiUrl` to `http://:3834` or `https://:3834`. @@ -404,17 +404,23 @@ To test different patterns against your logs, turn on [debug logs](#troubleshoot ### Advanced (optional) +`DdEnrichS3Tags` +: Enabled by default. When enabled, instructs the Datadog backend to automatically enrich logs originating from S3 buckets with the tags associated with those buckets. This approach offers the same tag enrichment as `DdFetchS3Tags` but defers the operation after log ingestion, reducing Forwarder overhead. Requires [Resource Collection](https://docs.datadoghq.com/integrations/amazon-web-services/#resource-collection) to be enabled in your AWS integration. + +`DdEnrichCloudwatchTags` +: Enabled by default. When enabled, instructs the Datadog backend to automatically enrich logs originating from CloudWatch LogGroups with the tags associated with those log groups. This approach offers the same tag enrichment as `DdFetchLogGroupTags` but defers the operation after log ingestion, reducing Forwarder overhead. Requires [Resource Collection](https://docs.datadoghq.com/integrations/amazon-web-services/#resource-collection) to be enabled in your AWS integration. + `DdFetchLambdaTags` : Let the Forwarder fetch Lambda tags using GetResources API calls and apply them to logs, metrics, and traces. If set to true, permission `tag:GetResources` will be automatically added to the Lambda execution IAM role. `DdFetchLogGroupTags` -: Let the forwarder fetch Log Group tags using ListTagsLogGroup and apply them to logs, metrics, and traces. If set to true, permission `logs:ListTagsForResource` will be automatically added to the Lambda execution IAM role. +: **[DEPRECATED, use DdEnrichCloudwatchTags]** Let the forwarder fetch Log Group tags using ListTagsLogGroup and apply them to logs, metrics, and traces. If set to true, permission `logs:ListTagsForResource` will be automatically added to the Lambda execution IAM role. `DdFetchStepFunctionsTags` : Let the Forwarder fetch Step Functions tags using GetResources API calls and apply them to logs and traces (if Step Functions tracing is enabled). If set to true, permission `tag:GetResources` will be automatically added to the Lambda execution IAM role. `DdFetchS3Tags` -: Let the Forwarder fetch S3 tags using GetResources API calls and apply them to logs and traces. If set to true, permission `tag:GetResources` will be automatically added to the Lambda execution IAM role. +: **[DEPRECATED, use DdEnrichS3Tags]** Let the Forwarder fetch S3 tags using GetResources API calls and apply them to logs and traces. If set to true, permission `tag:GetResources` will be automatically added to the Lambda execution IAM role. `DdStepFunctionsTraceEnabled` : Set to true to enable tracing for all Step Functions. @@ -571,7 +577,7 @@ To test different patterns against your logs, turn on [debug logs](#troubleshoot : Enabled by default. When enabled, instructs the Datadog backend to automatically enrich logs originating from S3 buckets with the tags associated with those buckets. This approach offers the same tag enrichment as `DD_FETCH_S3_TAGS` but defers the operation after log ingestion, reducing Forwarder overhead. Requires https://docs.datadoghq.com/integrations/amazon-web-services/#resource-collection to be enabled in your AWS integration. `DD_ENRICH_CLOUDWATCH_TAGS` -: Enabled by default. When enabled, instructs the Datadog backend to automatically enrich logs originating from Cloudwatch LogGrouo with the tags associated with those log groups. This approach offers the same tag enrichment as `DD_FETCH_LOG_GROUP_TAGS` but defers the operation after log ingestion, reducing Forwarder overhead. Requires https://docs.datadoghq.com/integrations/amazon-web-services/#resource-collection to be enabled in your AWS integration. +: Enabled by default. When enabled, instructs the Datadog backend to automatically enrich logs originating from Cloudwatch LogGroup with the tags associated with those log groups. This approach offers the same tag enrichment as `DD_FETCH_LOG_GROUP_TAGS` but defers the operation after log ingestion, reducing Forwarder overhead. Requires https://docs.datadoghq.com/integrations/amazon-web-services/#resource-collection to be enabled in your AWS integration. `DD_FETCH_LAMBDA_TAGS` : Let the Forwarder fetch Lambda tags using GetResources API calls and apply them to logs, metrics, and traces. If set to true, permission `tag:GetResources` will be automatically added to the Lambda execution IAM role.