This construct makes it easy to integrate your AWS account with Datadog. It creates nested stacks based on the official Datadog Cloudformation templates using Amazon Cloud Development Kit (CDK).
This construct will still work, but it cannot be updated to the latest integration template until the upstream issue is fixed. Please add a +1 to DataDog/cloudformation-template#68 to help prioritize it.
-
Install the package
npm i --save cdk-datadog-integration
Or via pypi, NuGet, or GitHub Packages.
-
Import the stack and pass the required parameters.
import * as cdk from "aws-cdk-lib"; import { MonitoringInfrastructureStack } from "../lib/monitoring-infrastructure-stack"; const app = new cdk.App(); new MonitoringInfrastructureStack(app, "MonitoringInfrastructure");
import * as cdk from "aws-cdk-lib"; import * as secrets from "aws-cdk-lib/aws-secretsmanager"; import { DatadogIntegration } from "cdk-datadog-integration"; export class MonitoringInfrastructureStack extends cdk.Stack { constructor(scope: cdk.App, id: string, props?: cdk.StackProps) { super(scope, id, props); const datadog = new DatadogIntegration(this, "Datadog", { // Generate an ID here: https://app.datadoghq.com/account/settings#integrations/amazon-web-services externalId: "", // Create or lookup a `Secret` that contains your Datadog API Key // See https://docs.aws.amazon.com/cdk/api/latest/docs/aws-secretsmanager-readme.html for details on Secrets in CDK // Get your API key here: https://app.datadoghq.com/account/settings#api apiKey: secrets.Secret.fromSecretNameV2( this, "DatadogApiKey", "<your secret name>" ), }); } }
Use DatadogIntegrationConfig
to set additional configuration parameters. Check
out
docs
for more details on what's available.
Additionally, a CDK Construct
is exposed, should you want to add additional
customizations vs. using the out-of-the-box Stack
.
This package is expected to work with all recent versions of CDK v2. It has been tested with 2.1.0 so almost certainly works will all newer versions, and probably works with some older versions too, but is untested.
If you're still on CDK v1, you can use cdk-datadog-integration@1
, but this
version is unmaintained. Please upgrade to CDKv2.
This module uses the
CfnStack
CDK Construct
to import the three CloudFormation stacks referenced by the
main Datadog CloudFormation template.
By referencing the Datadog-provided templates, you can be confident that the
integration works exactly as Datadog intends.
This package is created and maintained by Ben Limmer, a freelance architect and consultant. I love helping businesses of all sizes solve their hardest technology problems. Let's connect if I can be of help!
PRs are welcome!
To release, merge your PR to main
.
import { DatadogIntegration } from 'cdk-datadog-integration'
new DatadogIntegration(scope: Construct, id: string, props: DatadogIntegrationConfig)
Name | Type | Description |
---|---|---|
scope |
constructs.Construct |
No description. |
id |
string |
No description. |
props |
DatadogIntegrationConfig |
No description. |
- Type: constructs.Construct
- Type: string
- Type: DatadogIntegrationConfig
Name | Description |
---|---|
toString |
Returns a string representation of this construct. |
public toString(): string
Returns a string representation of this construct.
Name | Description |
---|---|
isConstruct |
Checks if x is a construct. |
import { DatadogIntegration } from 'cdk-datadog-integration'
DatadogIntegration.isConstruct(x: any)
Checks if x
is a construct.
- Type: any
Any object.
Name | Type | Description |
---|---|---|
node |
constructs.Node |
The tree node. |
public readonly node: Node;
- Type: constructs.Node
The tree node.
import { DatadogIntegrationStack } from 'cdk-datadog-integration'
new DatadogIntegrationStack(scope: Construct, id: string, props: DatadogIntegrationStackConfig)
Name | Type | Description |
---|---|---|
scope |
constructs.Construct |
No description. |
id |
string |
No description. |
props |
DatadogIntegrationStackConfig |
No description. |
- Type: constructs.Construct
- Type: string
Name | Description |
---|---|
toString |
Returns a string representation of this construct. |
addDependency |
Add a dependency between this stack and another stack. |
addMetadata |
Adds an arbitary key-value pair, with information you want to record about the stack. |
addTransform |
Add a Transform to this stack. A Transform is a macro that AWS CloudFormation uses to process your template. |
exportStringListValue |
Create a CloudFormation Export for a string list value. |
exportValue |
Create a CloudFormation Export for a string value. |
formatArn |
Creates an ARN from components. |
getLogicalId |
Allocates a stack-unique CloudFormation-compatible logical identity for a specific resource. |
regionalFact |
Look up a fact value for the given fact for the region of this stack. |
renameLogicalId |
Rename a generated logical identities. |
reportMissingContextKey |
Indicate that a context key was expected. |
resolve |
Resolve a tokenized value in the context of the current stack. |
splitArn |
Splits the provided ARN into its components. |
toJsonString |
Convert an object, potentially containing tokens, to a JSON string. |
public toString(): string
Returns a string representation of this construct.
public addDependency(target: Stack, reason?: string): void
Add a dependency between this stack and another stack.
This can be used to define dependencies between any two stacks within an app, and also supports nested stacks.
- Type: aws-cdk-lib.Stack
- Type: string
public addMetadata(key: string, value: any): void
Adds an arbitary key-value pair, with information you want to record about the stack.
These get translated to the Metadata section of the generated template.
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
- Type: string
- Type: any
public addTransform(transform: string): void
Add a Transform to this stack. A Transform is a macro that AWS CloudFormation uses to process your template.
Duplicate values are removed when stack is synthesized.
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/transform-section-structure.html
Example
declare const stack: Stack;
stack.addTransform('AWS::Serverless-2016-10-31')
- Type: string
The transform to add.
public exportStringListValue(exportedValue: any, options?: ExportValueOptions): string[]
Create a CloudFormation Export for a string list value.
Returns a string list representing the corresponding Fn.importValue()
expression for this Export. The export expression is automatically wrapped with an
Fn::Join
and the import value with an Fn::Split
, since CloudFormation can only
export strings. You can control the name for the export by passing the name
option.
If you don't supply a value for name
, the value you're exporting must be
a Resource attribute (for example: bucket.bucketName
) and it will be
given the same name as the automatic cross-stack reference that would be created
if you used the attribute in another Stack.
One of the uses for this method is to remove the relationship between two Stacks established by automatic cross-stack references. It will temporarily ensure that the CloudFormation Export still exists while you remove the reference from the consuming stack. After that, you can remove the resource and the manual export.
- Type: any
- Type: aws-cdk-lib.ExportValueOptions
public exportValue(exportedValue: any, options?: ExportValueOptions): string
Create a CloudFormation Export for a string value.
Returns a string representing the corresponding Fn.importValue()
expression for this Export. You can control the name for the export by
passing the name
option.
If you don't supply a value for name
, the value you're exporting must be
a Resource attribute (for example: bucket.bucketName
) and it will be
given the same name as the automatic cross-stack reference that would be created
if you used the attribute in another Stack.
One of the uses for this method is to remove the relationship between two Stacks established by automatic cross-stack references. It will temporarily ensure that the CloudFormation Export still exists while you remove the reference from the consuming stack. After that, you can remove the resource and the manual export.
Here is how the process works. Let's say there are two stacks,
producerStack
and consumerStack
, and producerStack
has a bucket
called bucket
, which is referenced by consumerStack
(perhaps because
an AWS Lambda Function writes into it, or something like that).
It is not safe to remove producerStack.bucket
because as the bucket is being
deleted, consumerStack
might still be using it.
Instead, the process takes two deployments:
- Make sure
consumerStack
no longer referencesbucket.bucketName
(maybe the consumer stack now uses its own bucket, or it writes to an AWS DynamoDB table, or maybe you just remove the Lambda Function altogether). - In the
ProducerStack
class, callthis.exportValue(this.bucket.bucketName)
. This will make sure the CloudFormation Export continues to exist while the relationship between the two stacks is being broken. - Deploy (this will effectively only change the
consumerStack
, but it's safe to deploy both).
- You are now free to remove the
bucket
resource fromproducerStack
. - Don't forget to remove the
exportValue()
call as well. - Deploy again (this time only the
producerStack
will be changed -- the bucket will be deleted).
- Type: any
- Type: aws-cdk-lib.ExportValueOptions
public formatArn(components: ArnComponents): string
Creates an ARN from components.
If partition
, region
or account
are not specified, the stack's
partition, region and account will be used.
If any component is the empty string, an empty string will be inserted into the generated ARN at the location that component corresponds to.
The ARN will be formatted as follows:
arn:{partition}:{service}:{region}:{account}:{resource}{sep}{resource-name}
The required ARN pieces that are omitted will be taken from the stack that the 'scope' is attached to. If all ARN pieces are supplied, the supplied scope can be 'undefined'.
- Type: aws-cdk-lib.ArnComponents
public getLogicalId(element: CfnElement): string
Allocates a stack-unique CloudFormation-compatible logical identity for a specific resource.
This method is called when a CfnElement
is created and used to render the
initial logical identity of resources. Logical ID renames are applied at
this stage.
This method uses the protected method allocateLogicalId
to render the
logical ID for an element. To modify the naming scheme, extend the Stack
class and override this method.
- Type: aws-cdk-lib.CfnElement
The CloudFormation element for which a logical identity is needed.
public regionalFact(factName: string, defaultValue?: string): string
Look up a fact value for the given fact for the region of this stack.
Will return a definite value only if the region of the current stack is resolved. If not, a lookup map will be added to the stack and the lookup will be done at CDK deployment time.
What regions will be included in the lookup map is controlled by the
@aws-cdk/core:target-partitions
context value: it must be set to a list
of partitions, and only regions from the given partitions will be included.
If no such context key is set, all regions will be included.
This function is intended to be used by construct library authors. Application builders can rely on the abstractions offered by construct libraries and do not have to worry about regional facts.
If defaultValue
is not given, it is an error if the fact is unknown for
the given region.
- Type: string
- Type: string
public renameLogicalId(oldId: string, newId: string): void
Rename a generated logical identities.
To modify the naming scheme strategy, extend the Stack
class and
override the allocateLogicalId
method.
- Type: string
- Type: string
public reportMissingContextKey(report: MissingContext): void
Indicate that a context key was expected.
Contains instructions which will be emitted into the cloud assembly on how the key should be supplied.
- Type: aws-cdk-lib.cloud_assembly_schema.MissingContext
The set of parameters needed to obtain the context.
public resolve(obj: any): any
Resolve a tokenized value in the context of the current stack.
- Type: any
public splitArn(arn: string, arnFormat: ArnFormat): ArnComponents
Splits the provided ARN into its components.
Works both if 'arn' is a string like 'arn:aws:s3:::bucket', and a Token representing a dynamic CloudFormation expression (in which case the returned components will also be dynamic CloudFormation expressions, encoded as Tokens).
- Type: string
the ARN to split into its components.
- Type: aws-cdk-lib.ArnFormat
the expected format of 'arn' - depends on what format the service 'arn' represents uses.
public toJsonString(obj: any, space?: number): string
Convert an object, potentially containing tokens, to a JSON string.
- Type: any
- Type: number
Name | Description |
---|---|
isConstruct |
Checks if x is a construct. |
isStack |
Return whether the given object is a Stack. |
of |
Looks up the first stack scope in which construct is defined. |
import { DatadogIntegrationStack } from 'cdk-datadog-integration'
DatadogIntegrationStack.isConstruct(x: any)
Checks if x
is a construct.
- Type: any
Any object.
import { DatadogIntegrationStack } from 'cdk-datadog-integration'
DatadogIntegrationStack.isStack(x: any)
Return whether the given object is a Stack.
We do attribute detection since we can't reliably use 'instanceof'.
- Type: any
import { DatadogIntegrationStack } from 'cdk-datadog-integration'
DatadogIntegrationStack.of(construct: IConstruct)
Looks up the first stack scope in which construct
is defined.
Fails if there is no stack up the tree.
- Type: constructs.IConstruct
The construct to start the search from.
Name | Type | Description |
---|---|---|
node |
constructs.Node |
The tree node. |
account |
string |
The AWS account into which this stack will be deployed. |
artifactId |
string |
The ID of the cloud assembly artifact for this stack. |
availabilityZones |
string[] |
Returns the list of AZs that are available in the AWS environment (account/region) associated with this stack. |
bundlingRequired |
boolean |
Indicates whether the stack requires bundling or not. |
dependencies |
aws-cdk-lib.Stack[] |
Return the stacks this stack depends on. |
environment |
string |
The environment coordinates in which this stack is deployed. |
nested |
boolean |
Indicates if this is a nested stack, in which case parentStack will include a reference to it's parent. |
notificationArns |
string[] |
Returns the list of notification Amazon Resource Names (ARNs) for the current stack. |
partition |
string |
The partition in which this stack is defined. |
region |
string |
The AWS region into which this stack will be deployed (e.g. us-west-2 ). |
stackId |
string |
The ID of the stack. |
stackName |
string |
The concrete CloudFormation physical stack name. |
synthesizer |
aws-cdk-lib.IStackSynthesizer |
Synthesis method for this stack. |
tags |
aws-cdk-lib.TagManager |
Tags to be applied to the stack. |
templateFile |
string |
The name of the CloudFormation template file emitted to the output directory during synthesis. |
templateOptions |
aws-cdk-lib.ITemplateOptions |
Options for CloudFormation template (like version, transform, description). |
urlSuffix |
string |
The Amazon domain suffix for the region in which this stack is defined. |
nestedStackParent |
aws-cdk-lib.Stack |
If this is a nested stack, returns it's parent stack. |
nestedStackResource |
aws-cdk-lib.CfnResource |
If this is a nested stack, this represents its AWS::CloudFormation::Stack resource. |
terminationProtection |
boolean |
Whether termination protection is enabled for this stack. |
public readonly node: Node;
- Type: constructs.Node
The tree node.
public readonly account: string;
- Type: string
The AWS account into which this stack will be deployed.
This value is resolved according to the following rules:
- The value provided to
env.account
when the stack is defined. This can either be a concrete account (e.g.585695031111
) or theAws.ACCOUNT_ID
token. Aws.ACCOUNT_ID
, which represents the CloudFormation intrinsic reference{ "Ref": "AWS::AccountId" }
encoded as a string token.
Preferably, you should use the return value as an opaque string and not
attempt to parse it to implement your logic. If you do, you must first
check that it is a concerete value an not an unresolved token. If this
value is an unresolved token (Token.isUnresolved(stack.account)
returns
true
), this implies that the user wishes that this stack will synthesize
into a account-agnostic template. In this case, your code should either
fail (throw an error, emit a synth error using Annotations.of(construct).addError()
) or
implement some other region-agnostic behavior.
public readonly artifactId: string;
- Type: string
The ID of the cloud assembly artifact for this stack.
public readonly availabilityZones: string[];
- Type: string[]
Returns the list of AZs that are available in the AWS environment (account/region) associated with this stack.
If the stack is environment-agnostic (either account and/or region are
tokens), this property will return an array with 2 tokens that will resolve
at deploy-time to the first two availability zones returned from CloudFormation's
Fn::GetAZs
intrinsic function.
If they are not available in the context, returns a set of dummy values and
reports them as missing, and let the CLI resolve them by calling EC2
DescribeAvailabilityZones
on the target environment.
To specify a different strategy for selecting availability zones override this method.
public readonly bundlingRequired: boolean;
- Type: boolean
Indicates whether the stack requires bundling or not.
public readonly dependencies: Stack[];
- Type: aws-cdk-lib.Stack[]
Return the stacks this stack depends on.
public readonly environment: string;
- Type: string
The environment coordinates in which this stack is deployed.
In the form
aws://account/region
. Use stack.account
and stack.region
to obtain
the specific values, no need to parse.
You can use this value to determine if two stacks are targeting the same environment.
If either stack.account
or stack.region
are not concrete values (e.g.
Aws.ACCOUNT_ID
or Aws.REGION
) the special strings unknown-account
and/or
unknown-region
will be used respectively to indicate this stack is
region/account-agnostic.
public readonly nested: boolean;
- Type: boolean
Indicates if this is a nested stack, in which case parentStack
will include a reference to it's parent.
public readonly notificationArns: string[];
- Type: string[]
Returns the list of notification Amazon Resource Names (ARNs) for the current stack.
public readonly partition: string;
- Type: string
The partition in which this stack is defined.
public readonly region: string;
- Type: string
The AWS region into which this stack will be deployed (e.g. us-west-2
).
This value is resolved according to the following rules:
- The value provided to
env.region
when the stack is defined. This can either be a concerete region (e.g.us-west-2
) or theAws.REGION
token. Aws.REGION
, which is represents the CloudFormation intrinsic reference{ "Ref": "AWS::Region" }
encoded as a string token.
Preferably, you should use the return value as an opaque string and not
attempt to parse it to implement your logic. If you do, you must first
check that it is a concerete value an not an unresolved token. If this
value is an unresolved token (Token.isUnresolved(stack.region)
returns
true
), this implies that the user wishes that this stack will synthesize
into a region-agnostic template. In this case, your code should either
fail (throw an error, emit a synth error using Annotations.of(construct).addError()
) or
implement some other region-agnostic behavior.
public readonly stackId: string;
- Type: string
The ID of the stack.
Example
// After resolving, looks like
'arn:aws:cloudformation:us-west-2:123456789012:stack/teststack/51af3dc0-da77-11e4-872e-1234567db123'
public readonly stackName: string;
- Type: string
The concrete CloudFormation physical stack name.
This is either the name defined explicitly in the stackName
prop or
allocated based on the stack's location in the construct tree. Stacks that
are directly defined under the app use their construct id
as their stack
name. Stacks that are defined deeper within the tree will use a hashed naming
scheme based on the construct path to ensure uniqueness.
If you wish to obtain the deploy-time AWS::StackName intrinsic,
you can use Aws.STACK_NAME
directly.
public readonly synthesizer: IStackSynthesizer;
- Type: aws-cdk-lib.IStackSynthesizer
Synthesis method for this stack.
public readonly tags: TagManager;
- Type: aws-cdk-lib.TagManager
Tags to be applied to the stack.
public readonly templateFile: string;
- Type: string
The name of the CloudFormation template file emitted to the output directory during synthesis.
Example value: MyStack.template.json
public readonly templateOptions: ITemplateOptions;
- Type: aws-cdk-lib.ITemplateOptions
Options for CloudFormation template (like version, transform, description).
public readonly urlSuffix: string;
- Type: string
The Amazon domain suffix for the region in which this stack is defined.
public readonly nestedStackParent: Stack;
- Type: aws-cdk-lib.Stack
If this is a nested stack, returns it's parent stack.
public readonly nestedStackResource: CfnResource;
- Type: aws-cdk-lib.CfnResource
If this is a nested stack, this represents its AWS::CloudFormation::Stack
resource.
undefined
for top-level (non-nested) stacks.
public readonly terminationProtection: boolean;
- Type: boolean
Whether termination protection is enabled for this stack.
import { DatadogIntegrationConfig } from 'cdk-datadog-integration'
const datadogIntegrationConfig: DatadogIntegrationConfig = { ... }
Name | Type | Description |
---|---|---|
apiKey |
aws-cdk-lib.aws_secretsmanager.ISecret |
API key for the Datadog account (find at https://app.datadoghq.com/account/settings#api). |
externalId |
string |
External ID for the Datadog role (generate at https://app.datadoghq.com/account/settings#integrations/amazon-web-services). |
additionalForwarderParams |
{[ key: string ]: string} |
Additional parameters to pass through to the underlying Forwarder CloudFormation template. |
additionalIntegrationRoleParams |
{[ key: string ]: string} |
Additional parameters to pass through to the underlying Integration Role CloudFormation template. |
cloudTrails |
aws-cdk-lib.aws_s3.Bucket[] |
S3 buckets for Datadog CloudTrail integration. |
forwarderName |
string |
The Datadog Forwarder Lambda function name. |
forwarderVersion |
string |
Specify a version of the forwarder to use. |
iamRoleName |
string |
Customize the name of IAM role for Datadog AWS integration. |
installDatadogPolicyMacro |
boolean |
If you already deployed a stack using this template, set this parameter to false to skip the installation of the DatadogPolicy Macro again. |
logArchives |
aws-cdk-lib.aws_s3.Bucket[] |
S3 paths to store log archives for log rehydration. |
permissions |
string |
Customize the permission level for the Datadog IAM role. |
site |
string |
Define your Datadog Site to send data to. |
public readonly apiKey: ISecret;
- Type: aws-cdk-lib.aws_secretsmanager.ISecret
API key for the Datadog account (find at https://app.datadoghq.com/account/settings#api).
public readonly externalId: string;
- Type: string
External ID for the Datadog role (generate at https://app.datadoghq.com/account/settings#integrations/amazon-web-services).
public readonly additionalForwarderParams: {[ key: string ]: string};
- Type: {[ key: string ]: string}
Additional parameters to pass through to the underlying Forwarder CloudFormation template.
Use this construct if you need to specify a template variable not yet exposed through this library.
See https://datadog-cloudformation-template.s3.amazonaws.com/aws/forwarder/latest.yaml for the latest parameters.
public readonly additionalIntegrationRoleParams: {[ key: string ]: string};
- Type: {[ key: string ]: string}
Additional parameters to pass through to the underlying Integration Role CloudFormation template.
Use this construct if you need to specify a template variable not yet exposed through this library.
See https://datadog-cloudformation-template.s3.amazonaws.com/aws/datadog_integration_role.yaml for the latest parameters.
public readonly cloudTrails: Bucket[];
- Type: aws-cdk-lib.aws_s3.Bucket[]
S3 buckets for Datadog CloudTrail integration.
Permissions will be automatically added to the Datadog integration IAM role. https://docs.datadoghq.com/integrations/amazon_cloudtrail
public readonly forwarderName: string;
- Type: string
- Default: DatadogForwarder
The Datadog Forwarder Lambda function name.
DO NOT change when updating an existing CloudFormation stack, otherwise the current forwarder function will be replaced and all the triggers will be lost.
public readonly forwarderVersion: string;
- Type: string
- Default: latest
Specify a version of the forwarder to use.
See https://github.com/DataDog/datadog-serverless-functions/releases. Pass this parameter as a version string, e.g., '3.9.0'
public readonly iamRoleName: string;
- Type: string
- Default: DatadogIntegrationRole
Customize the name of IAM role for Datadog AWS integration.
public readonly installDatadogPolicyMacro: boolean;
- Type: boolean
- Default: true
If you already deployed a stack using this template, set this parameter to false to skip the installation of the DatadogPolicy Macro again.
public readonly logArchives: Bucket[];
- Type: aws-cdk-lib.aws_s3.Bucket[]
S3 paths to store log archives for log rehydration.
Permissions will be automatically added to the Datadog integration IAM role. https://docs.datadoghq.com/logs/archives/rehydrating/?tab=awss
public readonly permissions: string;
- Type: string
- Default: Full
Customize the permission level for the Datadog IAM role.
Select "Core" to only grant Datadog read-only permissions (not recommended).
public readonly site: string;
- Type: string
- Default: datadoghq.com
Define your Datadog Site to send data to.
For the Datadog EU site, set to datadoghq.eu
import { DatadogIntegrationStackConfig } from 'cdk-datadog-integration'
const datadogIntegrationStackConfig: DatadogIntegrationStackConfig = { ... }
Name | Type | Description |
---|---|---|
apiKey |
aws-cdk-lib.aws_secretsmanager.ISecret |
API key for the Datadog account (find at https://app.datadoghq.com/account/settings#api). |
externalId |
string |
External ID for the Datadog role (generate at https://app.datadoghq.com/account/settings#integrations/amazon-web-services). |
additionalForwarderParams |
{[ key: string ]: string} |
Additional parameters to pass through to the underlying Forwarder CloudFormation template. |
additionalIntegrationRoleParams |
{[ key: string ]: string} |
Additional parameters to pass through to the underlying Integration Role CloudFormation template. |
cloudTrails |
aws-cdk-lib.aws_s3.Bucket[] |
S3 buckets for Datadog CloudTrail integration. |
forwarderName |
string |
The Datadog Forwarder Lambda function name. |
forwarderVersion |
string |
Specify a version of the forwarder to use. |
iamRoleName |
string |
Customize the name of IAM role for Datadog AWS integration. |
installDatadogPolicyMacro |
boolean |
If you already deployed a stack using this template, set this parameter to false to skip the installation of the DatadogPolicy Macro again. |
logArchives |
aws-cdk-lib.aws_s3.Bucket[] |
S3 paths to store log archives for log rehydration. |
permissions |
string |
Customize the permission level for the Datadog IAM role. |
site |
string |
Define your Datadog Site to send data to. |
analyticsReporting |
boolean |
Include runtime versioning information in this Stack. |
crossRegionReferences |
boolean |
Enable this flag to allow native cross region stack references. |
description |
string |
A description of the stack. |
env |
aws-cdk-lib.Environment |
The AWS environment (account/region) where this stack will be deployed. |
permissionsBoundary |
aws-cdk-lib.PermissionsBoundary |
Options for applying a permissions boundary to all IAM Roles and Users created within this Stage. |
stackName |
string |
Name to deploy the stack with. |
synthesizer |
aws-cdk-lib.IStackSynthesizer |
Synthesis method to use while deploying this stack. |
tags |
{[ key: string ]: string} |
Stack tags that will be applied to all the taggable resources and the stack itself. |
terminationProtection |
boolean |
Whether to enable termination protection for this stack. |
public readonly apiKey: ISecret;
- Type: aws-cdk-lib.aws_secretsmanager.ISecret
API key for the Datadog account (find at https://app.datadoghq.com/account/settings#api).
public readonly externalId: string;
- Type: string
External ID for the Datadog role (generate at https://app.datadoghq.com/account/settings#integrations/amazon-web-services).
public readonly additionalForwarderParams: {[ key: string ]: string};
- Type: {[ key: string ]: string}
Additional parameters to pass through to the underlying Forwarder CloudFormation template.
Use this construct if you need to specify a template variable not yet exposed through this library.
See https://datadog-cloudformation-template.s3.amazonaws.com/aws/forwarder/latest.yaml for the latest parameters.
public readonly additionalIntegrationRoleParams: {[ key: string ]: string};
- Type: {[ key: string ]: string}
Additional parameters to pass through to the underlying Integration Role CloudFormation template.
Use this construct if you need to specify a template variable not yet exposed through this library.
See https://datadog-cloudformation-template.s3.amazonaws.com/aws/datadog_integration_role.yaml for the latest parameters.
public readonly cloudTrails: Bucket[];
- Type: aws-cdk-lib.aws_s3.Bucket[]
S3 buckets for Datadog CloudTrail integration.
Permissions will be automatically added to the Datadog integration IAM role. https://docs.datadoghq.com/integrations/amazon_cloudtrail
public readonly forwarderName: string;
- Type: string
- Default: DatadogForwarder
The Datadog Forwarder Lambda function name.
DO NOT change when updating an existing CloudFormation stack, otherwise the current forwarder function will be replaced and all the triggers will be lost.
public readonly forwarderVersion: string;
- Type: string
- Default: latest
Specify a version of the forwarder to use.
See https://github.com/DataDog/datadog-serverless-functions/releases. Pass this parameter as a version string, e.g., '3.9.0'
public readonly iamRoleName: string;
- Type: string
- Default: DatadogIntegrationRole
Customize the name of IAM role for Datadog AWS integration.
public readonly installDatadogPolicyMacro: boolean;
- Type: boolean
- Default: true
If you already deployed a stack using this template, set this parameter to false to skip the installation of the DatadogPolicy Macro again.
public readonly logArchives: Bucket[];
- Type: aws-cdk-lib.aws_s3.Bucket[]
S3 paths to store log archives for log rehydration.
Permissions will be automatically added to the Datadog integration IAM role. https://docs.datadoghq.com/logs/archives/rehydrating/?tab=awss
public readonly permissions: string;
- Type: string
- Default: Full
Customize the permission level for the Datadog IAM role.
Select "Core" to only grant Datadog read-only permissions (not recommended).
public readonly site: string;
- Type: string
- Default: datadoghq.com
Define your Datadog Site to send data to.
For the Datadog EU site, set to datadoghq.eu
public readonly analyticsReporting: boolean;
- Type: boolean
- Default:
analyticsReporting
setting of containingApp
, or value of 'aws:cdk:version-reporting' context key
Include runtime versioning information in this Stack.
public readonly crossRegionReferences: boolean;
- Type: boolean
- Default: false
Enable this flag to allow native cross region stack references.
Enabling this will create a CloudFormation custom resource in both the producing stack and consuming stack in order to perform the export/import
This feature is currently experimental
public readonly description: string;
- Type: string
- Default: No description.
A description of the stack.
public readonly env: Environment;
- Type: aws-cdk-lib.Environment
- Default: The environment of the containing
Stage
if available, otherwise create the stack will be environment-agnostic.
The AWS environment (account/region) where this stack will be deployed.
Set the region
/account
fields of env
to either a concrete value to
select the indicated environment (recommended for production stacks), or to
the values of environment variables
CDK_DEFAULT_REGION
/CDK_DEFAULT_ACCOUNT
to let the target environment
depend on the AWS credentials/configuration that the CDK CLI is executed
under (recommended for development stacks).
If the Stack
is instantiated inside a Stage
, any undefined
region
/account
fields from env
will default to the same field on the
encompassing Stage
, if configured there.
If either region
or account
are not set nor inherited from Stage
, the
Stack will be considered "environment-agnostic"". Environment-agnostic
stacks can be deployed to any environment but may not be able to take
advantage of all features of the CDK. For example, they will not be able to
use environmental context lookups such as ec2.Vpc.fromLookup
and will not
automatically translate Service Principals to the right format based on the
environment's AWS partition, and other such enhancements.
Example
// Use a concrete account and region to deploy this stack to:
// `.account` and `.region` will simply return these values.
new Stack(app, 'Stack1', {
env: {
account: '123456789012',
region: 'us-east-1'
},
});
// Use the CLI's current credentials to determine the target environment:
// `.account` and `.region` will reflect the account+region the CLI
// is configured to use (based on the user CLI credentials)
new Stack(app, 'Stack2', {
env: {
account: process.env.CDK_DEFAULT_ACCOUNT,
region: process.env.CDK_DEFAULT_REGION
},
});
// Define multiple stacks stage associated with an environment
const myStage = new Stage(app, 'MyStage', {
env: {
account: '123456789012',
region: 'us-east-1'
}
});
// both of these stacks will use the stage's account/region:
// `.account` and `.region` will resolve to the concrete values as above
new MyStack(myStage, 'Stack1');
new YourStack(myStage, 'Stack2');
// Define an environment-agnostic stack:
// `.account` and `.region` will resolve to `{ "Ref": "AWS::AccountId" }` and `{ "Ref": "AWS::Region" }` respectively.
// which will only resolve to actual values by CloudFormation during deployment.
new MyStack(app, 'Stack1');
public readonly permissionsBoundary: PermissionsBoundary;
- Type: aws-cdk-lib.PermissionsBoundary
- Default: no permissions boundary is applied
Options for applying a permissions boundary to all IAM Roles and Users created within this Stage.
public readonly stackName: string;
- Type: string
- Default: Derived from construct path.
Name to deploy the stack with.
public readonly synthesizer: IStackSynthesizer;
- Type: aws-cdk-lib.IStackSynthesizer
- Default:
DefaultStackSynthesizer
if the@aws-cdk/core:newStyleStackSynthesis
feature flag is set,LegacyStackSynthesizer
otherwise.
Synthesis method to use while deploying this stack.
public readonly tags: {[ key: string ]: string};
- Type: {[ key: string ]: string}
- Default: {}
Stack tags that will be applied to all the taggable resources and the stack itself.
public readonly terminationProtection: boolean;
- Type: boolean
- Default: false
Whether to enable termination protection for this stack.