Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
datadog-cdk-constructs-v2
Advanced tools
CDK Construct Library to automatically instrument Python and Node Lambda functions with Datadog using AWS CDK v2
Use this Datadog CDK Construct Library to deploy serverless applications using AWS CDK .
This CDK library automatically configures ingestion of metrics, traces, and logs from your serverless applications by:
WARNING: AWS CDK v1
has reached end-of-support and datadog-cdk-constructs
will no longer be receiving updates. It's strongly recommended to upgrade to AWS CDK v2
(official migration guide) and switch to using datadog-cdk-constructs-v2
.
Two separate versions of Datadog CDK Constructs exist; datadog-cdk-constructs
and datadog-cdk-constructs-v2
. These are designed to work with AWS CDK v1
and AWS CDK v2
respectively.
datadog-cdk-constructs-v2
requires Node >= 14, while datadog-cdk-constructs
supports Node >= 12.datadog-cdk-constructs-v2
contains more features.For use with AWS CDK v2:
yarn add --dev datadog-cdk-constructs-v2
# or
npm install datadog-cdk-constructs-v2 --save-dev
For use with AWS CDK v1:
yarn add --dev datadog-cdk-constructs
# or
npm install datadog-cdk-constructs --save-dev
For use with AWS CDK v2:
pip install datadog-cdk-constructs-v2
For use with AWS CDK v1:
pip install datadog-cdk-constructs
Pay attention to the output from your package manager as the Datadog CDK Construct Library
has peer dependencies.
For use with AWS CDK v2:
go get github.com/DataDog/datadog-cdk-constructs-go/ddcdkconstruct
AWS CDK v1 is not supported.
The following examples assume the use of AWS CDK v2. If you're using CDK v1, import datadog-cdk-constructs
rather than datadog-cdk-constructs-v2
.
Add this to your CDK stack:
import { DatadogLambda } from "datadog-cdk-constructs-v2";
const datadogLambda = new DatadogLambda(this, "datadogLambda", {
nodeLayerVersion: <LAYER_VERSION>,
pythonLayerVersion: <LAYER_VERSION>,
javaLayerVersion: <LAYER_VERSION>,
dotnetLayerVersion: <LAYER_VERSION>
addLayers: <BOOLEAN>,
extensionLayerVersion: "<EXTENSION_VERSION>",
forwarderArn: "<FORWARDER_ARN>",
createForwarderPermissions: <BOOLEAN>,
flushMetricsToLogs: <BOOLEAN>,
site: "<SITE>",
apiKey: "{Datadog_API_Key}",
apiKeySecretArn: "{Secret_ARN_Datadog_API_Key}",
apiKeySecret: <AWS_CDK_ISECRET>, // Only available in datadog-cdk-constructs-v2
apiKmsKey: "{Encrypted_Datadog_API_Key}",
enableDatadogTracing: <BOOLEAN>,
enableMergeXrayTraces: <BOOLEAN>,
enableDatadogLogs: <BOOLEAN>,
injectLogContext: <BOOLEAN>,
logLevel: <STRING>,
env: <STRING>, //Optional
service: <STRING>, //Optional
version: <STRING>, //Optional
tags: <STRING>, //Optional
});
datadogLambda.addLambdaFunctions([<LAMBDA_FUNCTIONS>])
datadogLambda.addForwarderToNonLambdaLogGroups([<LOG_GROUPS>])
import (
"github.com/DataDog/datadog-cdk-constructs-go/ddcdkconstruct"
)
datadogLambda := ddcdkconstruct.NewDatadogLambda(
stack,
jsii.String("Datadog"),
&ddcdkconstruct.DatadogLambdaProps{
NodeLayerVersion: jsii.Number(<LAYER_VERSION>),
AddLayers: jsii.Bool(<BOOLEAN>),
Site: jsii.String(<SITE>),
ApiKey: jsii.String(os.Getenv("DD_API_KEY")),
// ...
})
datadogLambda.AddLambdaFunctions(&[]interface{}{myFunction}, nil)
datadogLambda.AddForwarderToNonLambdaLogGroups()
Source code integration is enabled by default through automatic lambda tagging, and will work if:
The Datadog Github integration is installed.
Your datadog-cdk dependency satisfies either of the below versions:
datadog-cdk-constructs-v2
>= 1.4.0datadog-cdk-constructs
>= 0.8.5If the automatic implementation doesn't work for your case, please follow one of the two guides below.
Note: these alternate guides only work for Typescript.
If the Datadog Github integration is not installed, you need to import the datadog-ci
package and manually upload your Git metadata to Datadog.
For the best results, import the datadog-ci
package where your CDK Stack is initialized.
const app = new cdk.App();
// Make sure to add @datadog/datadog-ci via your package manager
const datadogCi = require("@datadog/datadog-ci");
// Manually uploading Git metadata to Datadog.
datadogCi.gitMetadata.uploadGitCommitHash("{Datadog_API_Key}", "<SITE>");
const app = new cdk.App();
new ExampleStack(app, "ExampleStack", {});
app.synth();
Change your initialization function as follows (in this case, gitHash
value is passed to the CDK):
async function main() {
// Make sure to add @datadog/datadog-ci via your package manager
const datadogCi = require("@datadog/datadog-ci");
const [, gitHash] = await datadogCi.gitMetadata.uploadGitCommitHash("{Datadog_API_Key}", "<SITE>");
const app = new cdk.App();
// Pass in the hash to the ExampleStack constructor
new ExampleStack(app, "ExampleStack", {}, gitHash);
}
Ensure you call this function to initialize your stack.
In your stack constructor, change to add an optional gitHash
parameter, and call addGitCommitMetadata()
:
export class ExampleStack extends cdk.Stack {
constructor(scope: cdk.App, id: string, props?: cdk.StackProps, gitHash?: string) {
...
...
datadogLambda.addGitCommitMetadata([<YOUR_FUNCTIONS>], gitHash)
}
}
To further configure your DatadogLambda construct for Lambda, use the following custom parameters:
Note: The descriptions use the npm package parameters, but they also apply to PyPI and Go package parameters.
npm package parameter | PyPI package parameter | Description |
---|---|---|
addLayers | add_layers | Whether to add the runtime Lambda Layers or expect the user to bring their own. Defaults to true . When true , the Lambda Library version variables are also required. When false , you must include the Datadog Lambda library in your functions' deployment packages. |
pythonLayerVersion | python_layer_version | Version of the Python Lambda layer to install, such as 83 . Required if you are deploying at least one Lambda function written in Python and addLayers is true . Find the latest version number here. |
nodeLayerVersion | node_layer_version | Version of the Node.js Lambda layer to install, such as 100 . Required if you are deploying at least one Lambda function written in Node.js and addLayers is true . Find the latest version number from here. |
javaLayerVersion | java_layer_version | Version of the Java layer to install, such as 8 . Required if you are deploying at least one Lambda function written in Java and addLayers is true . Find the latest version number in the Serverless Java installation documentation. Note: extensionLayerVersion >= 25 and javaLayerVersion >= 5 are required for the DatadogLambda construct to instrument your Java functions properly. |
dotnetLayerVersion | dotnet_layer_version | Version of the .NET layer to install, such as 13 . Required if you are deploying at least one Lambda function written in .NET and addLayers is true . Find the latest version number from here. |
extensionLayerVersion | extension_layer_version | Version of the Datadog Lambda Extension layer to install, such as 5. When extensionLayerVersion is set, apiKey (or if encrypted, apiKMSKey or apiKeySecretArn ) needs to be set as well. When enabled, lambda function log groups will not be subscribed by the forwarder. Learn more about the Lambda extension here. Note: If this parameter is set, it adds a layer even if addLayers is set to false . |
forwarderArn | forwarder_arn | When set, the plugin will automatically subscribe the Datadog Forwarder to the functions' log groups. Do not set forwarderArn when extensionLayerVersion is set. |
createForwarderPermissions | createForwarderPermissions | When set to true , creates a Lambda permission on the the Datadog Forwarder per log group. Since the Datadog Forwarder has permissions configured by default, this is unnecessary in most use cases. |
flushMetricsToLogs | flush_metrics_to_logs | Send custom metrics using CloudWatch logs with the Datadog Forwarder Lambda function (recommended). Defaults to true . If you disable this parameter, it's required to set apiKey (or if encrypted, apiKMSKey or apiKeySecretArn ). |
site | site | Set which Datadog site to send data. This is only used when flushMetricsToLogs is false or extensionLayerVersion is set. Possible values are datadoghq.com , datadoghq.eu , us3.datadoghq.com , us5.datadoghq.com , ap1.datadoghq.com , and ddog-gov.com . The default is datadoghq.com . |
apiKey | api_key | Datadog API Key, only needed when flushMetricsToLogs is false or extensionLayerVersion is set. For more information about getting a Datadog API key, see the API key documentation. |
apiKeySecretArn | api_key_secret_arn | The ARN of the secret storing the Datadog API key in AWS Secrets Manager. Use this parameter in place of apiKey when flushMetricsToLogs is false or extensionLayer is set. Remember to add the secretsmanager:GetSecretValue permission to the Lambda execution role. |
apiKeySecret | api_key_secret | An AWS CDK ISecret representing a secret storing the Datadog API key in AWS Secrets Manager. Use this parameter in place of apiKeySecretArn to automatically grant your Lambda execution roles read access to the given secret. See here for an example. Only available in datadog-cdk-constructs-v2. |
apiKmsKey | api_kms_key | Datadog API Key encrypted using KMS. Use this parameter in place of apiKey when flushMetricsToLogs is false or extensionLayerVersion is set, and you are using KMS encryption. |
enableDatadogTracing | enable_datadog_tracing | Enable Datadog tracing on your Lambda functions. Defaults to true . |
enableMergeXrayTraces | enable_merge_xray_traces | Enable merging X-Ray traces on your Lambda functions. Defaults to false . |
enableDatadogLogs | enable_datadog_logs | Send Lambda function logs to Datadog via the Datadog Lambda Extension. Defaults to true . Note: This setting has no effect on logs sent via the Datadog Forwarder. |
sourceCodeIntegration | source_code_integration | Enable Datadog Source Code Integration, connecting your telemetry with application code in your Git repositories. This requires the Datadog Github integration to work, otherwise please follow the alternative method. Learn more here. Defaults to true . |
injectLogContext | inject_log_context | When set, the Lambda layer will automatically patch console.log with Datadog's tracing ids. Defaults to true . |
logLevel | log_level | When set to debug , the Datadog Lambda Library and Extension will log additional information to help troubleshoot issues. |
env | env | When set along with extensionLayerVersion , a DD_ENV environment variable is added to all Lambda functions with the provided value. When set along with forwarderArn , an env tag is added to all Lambda functions with the provided value. |
service | service | When set along with extensionLayerVersion , a DD_SERVICE environment variable is added to all Lambda functions with the provided value. When set along with forwarderArn , a service tag is added to all Lambda functions with the provided value. |
version | version | When set along with extensionLayerVersion , a DD_VERSION environment variable is added to all Lambda functions with the provided value. When set along with forwarderArn , a version tag is added to all Lambda functions with the provided value. |
tags | tags | A comma separated list of key:value pairs as a single string. When set along with extensionLayerVersion , a DD_TAGS environment variable is added to all Lambda functions with the provided value. When set along with forwarderArn , the cdk parses the string and sets each key:value pair as a tag to all Lambda functions. |
enableColdStartTracing | enable_cold_start_tracing | Set to false to disable Cold Start Tracing. Used in Node.js and Python. Defaults to true . |
coldStartTraceMinDuration | min_cold_start_trace_duration | Sets the minimum duration (in milliseconds) for a module load event to be traced via Cold Start Tracing. Number. Defaults to 3 . |
coldStartTraceSkipLibs | cold_start_trace_skip_libs | Optionally skip creating Cold Start Spans for a comma-separated list of libraries. Useful to limit depth or skip known libraries. Default depends on runtime. |
enableProfiling | enable_profiling | Enable the Datadog Continuous Profiler with true . Supported in Beta for Node.js and Python. Defaults to false . |
encodeAuthorizerContext | encode_authorizer_context | When set to true for Lambda authorizers, the tracing context will be encoded into the response for propagation. Supported for Node.js and Python. Defaults to true . |
decodeAuthorizerContext | decode_authorizer_context | When set to true for Lambdas that are authorized via Lambda authorizers, it will parse and use the encoded tracing context (if found). Supported for Node.js and Python. Defaults to true . |
apmFlushDeadline | apm_flush_deadline | Used to determine when to submit spans before a timeout occurs, in milliseconds. When the remaining time in an AWS Lambda invocation is less than the value set, the tracer attempts to submit the current active spans and all finished spans. Supported for Node.js and Python. Defaults to 100 milliseconds. |
redirectHandler | redirect_handler | When set to false , skip redirecting handler to the Datadog Lambda Library's handler. Useful when only instrumenting with Datadog Lambda Extension. Defaults to true . |
Note: Using the parameters above may override corresponding function level DD_XXX
environment variables.
Enable X-Ray Tracing on your Lambda functions. For more information, see CDK documentation.
import * as lambda from "aws-cdk-lib/aws-lambda";
const lambda_function = new lambda.Function(this, "HelloHandler", {
runtime: lambda.Runtime.NODEJS_14_X,
code: lambda.Code.fromAsset("lambda"),
handler: "hello.handler",
tracing: lambda.Tracing.ACTIVE,
});
Add the Datadog CDK Construct to each stack you wish to instrument with Datadog. In the example below, we initialize the Datadog CDK Construct and call addLambdaFunctions()
in both the RootStack
and NestedStack
.
import { DatadogLambda } from "datadog-cdk-constructs-v2";
import * as cdk from "aws-cdk-lib";
import { Construct } from "constructs";
class RootStack extends cdk.Stack {
constructor(scope: cdk.App, id: string, props?: cdk.StackProps) {
super(scope, id, props);
new NestedStack(this, "NestedStack");
const datadogLambda = new DatadogLambda(this, "DatadogLambda", {
nodeLayerVersion: <LAYER_VERSION>,
pythonLayerVersion: <LAYER_VERSION>,
javaLayerVersion: <LAYER_VERSION>,
dotnetLayerVersion: <LAYER-VERSION>,
addLayers: <BOOLEAN>,
forwarderArn: "<FORWARDER_ARN>",
flushMetricsToLogs: <BOOLEAN>,
site: "<SITE>",
apiKey: "{Datadog_API_Key}",
apiKeySecretArn: "{Secret_ARN_Datadog_API_Key}",
apiKmsKey: "{Encrypted_Datadog_API_Key}",
enableDatadogTracing: <BOOLEAN>,
enableMergeXrayTraces: <BOOLEAN>,
enableDatadogLogs: <BOOLEAN>,
injectLogContext: <BOOLEAN>
});
datadogLambda.addLambdaFunctions([<LAMBDA_FUNCTIONS>]);
}
}
class NestedStack extends cdk.NestedStack {
constructor(scope: Construct, id: string, props?: cdk.NestedStackProps) {
super(scope, id, props);
const datadogLambda = new DatadogLambda(this, "DatadogLambda", {
nodeLayerVersion: <LAYER_VERSION>,
pythonLayerVersion: <LAYER_VERSION>,
javaLayerVersion: <LAYER_VERSION>,
dotnetLayerVersion: <LAYER-VERSION>,
addLayers: <BOOLEAN>,
forwarderArn: "<FORWARDER_ARN>",
flushMetricsToLogs: <BOOLEAN>,
site: "<SITE>",
apiKey: "{Datadog_API_Key}",
apiKeySecretArn: "{Secret_ARN_Datadog_API_Key}",
apiKmsKey: "{Encrypted_Datadog_API_Key}",
enableDatadogTracing: <BOOLEAN>,
enableMergeXrayTraces: <BOOLEAN>,
enableDatadogLogs: <BOOLEAN>,
injectLogContext: <BOOLEAN>
});
datadogLambda.addLambdaFunctions([<LAMBDA_FUNCTIONS>]);
}
}
Add tags to your constructs. We recommend setting an env
and service
tag to tie Datadog telemetry together. For more information see official AWS documentation and CDK documentation.
Only available in datadog-cdk-constructs-v2
To automatically grant your Lambda execution roles read access to a given secret, pass in apiKeySecret
in place of apiKeySecretArn
when initializing the DatadogLambda construct.
const { Secret } = require('aws-cdk-lib/aws-secretsmanager');
const secret = Secret.fromSecretPartialArn(this, 'DatadogApiKeySecret', 'arn:aws:secretsmanager:us-west-1:123:secret:DATADOG_API_KEY');
const datadogLambda = new DatadogLambda(this, 'DatadogLambda', {
...
apiKeySecret: secret
...
});
When addLambdaFunctions
is called, the Datadog CDK construct grants your Lambda execution roles read access to the given AWS secret. This is done through the AWS ISecret's grantRead function.
The DatadogLambda construct takes in a list of lambda functions and installs the Datadog Lambda Library by attaching the Lambda Layers for .NET, Java, Node.js, and Python to your functions. It redirects to a replacement handler that initializes the Lambda Library without any required code changes. Additional configurations added to the Datadog CDK construct will also translate into their respective environment variables under each lambda function (if applicable / required).
While Lambda function based log groups are handled by the addLambdaFunctions
method automatically, the construct has an additional function addForwarderToNonLambdaLogGroups
which subscribes the forwarder to any additional log groups of your choosing.
Only AWS CDK v2 is supported.
Example stack: step-functions-typescript-stack
import * as sfn from "aws-cdk-lib/aws-stepfunctions";
import { DatadogStepFunctions} from "datadog-cdk-constructs-v2";
const stateMachine = new sfn.StateMachine(...);
const datadogSfn = new DatadogStepFunctions(this, "DatadogSfn", {
env: "<ENV>", // e.g. "dev"
service: "<SERVICE>", // e.g. "my-cdk-service"
version: "<VERSION>", // e.g. "1.0.0"
forwarderArn: "<FORWARDER_ARN>", // e.g. "arn:test:forwarder:sa-east-1:12345678:1"
tags: <TAGS>, // optional, e.g. "custom-tag-1:tag-value-1,custom-tag-2:tag-value-2"
});
datadogSfn.addStateMachines([stateMachine]);
To merge the Step Function's traces with downstream Lambda function or Step function's traces, modify the Lambda task payload or Step Function task input:
import * as tasks from "aws-cdk-lib/aws-stepfunctions-tasks";
import * as sfn from "aws-cdk-lib/aws-stepfunctions";
import { DatadogStepFunctions, DatadogLambda } from "datadog-cdk-constructs-v2";
const lambdaFunction = ...;
const lambdaTask = new tasks.LambdaInvoke(this, "MyLambdaTask", {
lambdaFunction: lambdaFunction,
payload: sfn.TaskInput.fromObject(
DatadogStepFunctions.buildLambdaPayloadToMergeTraces(
{ "custom-key": "custom-value" }
)
),
});
const childStateMachine = new sfn.StateMachine(...);
const invokeChildStateMachineTask = new tasks.StepFunctionsStartExecution(this, "InvokeChildStateMachineTask", {
stateMachine: childStateMachine,
input: sfn.TaskInput.fromObject(
DatadogStepFunctions.buildStepFunctionTaskInputToMergeTraces({ "custom-key": "custom-value" }),
),
});
const stateMachine = new sfn.StateMachine(this, "CdkTypeScriptTestStateMachine", {
definitionBody: sfn.DefinitionBody.fromChainable(lambdaTask.next(invokeChildStateMachineTask)),
});
const datadogLambda = ...;
datadogLambda.addLambdaFunctions([lambdaFunction]);
const datadogSfn = ...;
datadogSfn.addStateMachines([childStateMachine, stateMachine]);
Example stack: step-functions-python-stack
from aws_cdk import (
aws_stepfunctions as sfn,
aws_stepfunctions_tasks as tasks,
)
from datadog_cdk_constructs_v2 import DatadogStepFunctions, DatadogLambda
state_machine = sfn.StateMachine(...)
datadog_sfn = DatadogStepFunctions(
self,
"DatadogSfn",
env="<ENV>", # e.g. "dev"
service="<SERVICE>", # e.g. "my-cdk-service"
version="<VERSION>", # e.g. "1.0.0"
forwarderArn="<FORWARDER_ARN>", # e.g. "arn:test:forwarder:sa-east-1:12345678:1"
tags=<TAGS>, # optional, e.g. "custom-tag-1:tag-value-1,custom-tag-2:tag-value-2"
)
datadog_sfn.add_state_machines([child_state_machine, parent_state_machine])
To merge the Step Function's traces with downstream Lambda function or Step function's traces, modify the Lambda task payload or Step Function task input:
from aws_cdk import (
aws_lambda,
aws_stepfunctions as sfn,
aws_stepfunctions_tasks as tasks,
)
from datadog_cdk_constructs_v2 import DatadogStepFunctions, DatadogLambda
lambda_function = aws_lambda.Function(...)
lambda_task = tasks.LambdaInvoke(
self,
"MyLambdaTask",
lambda_function=lambda_function,
payload=sfn.TaskInput.from_object(
DatadogStepFunctions.build_lambda_payload_to_merge_traces(
{"custom-key": "custom-value"}
)
),
)
child_state_machine = sfn.StateMachine(...)
invoke_child_state_machine_task = tasks.StepFunctionsStartExecution(
self,
"InvokeChildStateMachineTask",
state_machine=child_state_machine,
input=sfn.TaskInput.from_object(
DatadogStepFunctions.build_step_function_task_input_to_merge_traces(
{"custom-key": "custom-value"}
)
),
)
state_machine = sfn.StateMachine(
self,
"CdkPythonTestStateMachine",
definition_body=sfn.DefinitionBody.from_chainable(
lambda_task.next(invoke_child_state_machine_task)
),
)
datadog_lambda = DatadogLambda(...)
datadog_lambda.add_lambda_functions([lambda_function])
datadog_sfn = DatadogStepFunctions(...)
datadog_sfn.add_state_machines([child_state_machine, state_machine])
Example stack: step-functions-go-stack
import (
"github.com/DataDog/datadog-cdk-constructs-go/ddcdkconstruct"
"github.com/aws/aws-cdk-go/awscdk/v2"
sfn "github.com/aws/aws-cdk-go/awscdk/v2/awsstepfunctions"
)
stack := awscdk.NewStack(...)
stateMachine := sfn.NewStateMachine(...)
datadogSfn := ddcdkconstruct.NewDatadogStepFunctions(
stack,
jsii.String("DatadogSfn"),
&ddcdkconstruct.DatadogStepFunctionsProps{
Env: jsii.String("<ENV>"), // e.g. "dev"
Service: jsii.String("<SERVICE>), // e.g. "my-cdk-service"
Version: jsii.String("<VERSION>"), // e.g. "1.0.0"
ForwarderArn: jsii.String("<FORWARDER_ARN>"), // e.g. "arn:test:forwarder:sa-east-1:12345678:1"
Tags: jsii.String("<TAGS>"), // optional, e.g. "custom-tag-1:tag-value-1,custom-tag-2:tag-value-2"
}
)
datadogSfn.AddStateMachines(&[]sfn.StateMachine{stateMachine}, nil)
To merge the Step Function's traces with downstream Lambda function or Step function's traces, modify the Lambda task payload or Step Function task input:
import (
"github.com/DataDog/datadog-cdk-constructs-go/ddcdkconstruct"
"github.com/aws/aws-cdk-go/awscdk/v2/awslambda"
sfn "github.com/aws/aws-cdk-go/awscdk/v2/awsstepfunctions"
sfntasks "github.com/aws/aws-cdk-go/awscdk/v2/awsstepfunctionstasks"
"github.com/aws/jsii-runtime-go"
)
lambdaFunction := awslambda.NewFunction(...)
lambdaPayload := ddcdkconstruct.DatadogStepFunctions_BuildLambdaPayloadToMergeTraces(&map[string]interface{}{
"custom-key": "custom-value",
})
lambdaTask := sfntasks.NewLambdaInvoke(stack, jsii.String("MyLambdaTask"), &sfntasks.LambdaInvokeProps{
LambdaFunction: lambdaFunction,
Payload: sfn.TaskInput_FromObject(lambdaPayload),
})
childStateMachine := sfn.NewStateMachine(...)
stateMachineTaskInput := ddcdkconstruct.DatadogStepFunctions_BuildStepFunctionTaskInputToMergeTraces(
&map[string]interface{}{
"custom-key": "custom-value",
}
)
invokeChildStateMachineTask := sfntasks.NewStepFunctionsStartExecution(
stack,
jsii.String("InvokeChildStateMachineTask"),
&sfntasks.StepFunctionsStartExecutionProps{
StateMachine: childStateMachine,
Input: sfn.TaskInput_FromObject(stateMachineTaskInput),
}
)
stateMachine := sfn.NewStateMachine(stack, jsii.String("CdkGoTestStateMachine"), &sfn.StateMachineProps{
DefinitionBody: sfn.DefinitionBody_FromChainable(lambdaTask.Next(invokeChildStateMachineTask)),
})
datadogLambda := ...
datadogLambda.AddLambdaFunctions(&[]interface{}{lambdaFunction}, nil)
datadogSfn := ...
datadogSfn.AddStateMachines(&[]sfn.StateMachine{childStateMachine, stateMachine}, nil)
Parameters for creating the DatadogStepFunctions
construct:
npm package parameter | PyPI package parameter | Go package parameter | Description |
---|---|---|---|
env | env | Env | The env tag to be added to the state machine. |
service | service | Service | The service tag to be added to the state machine. |
version | version | Version | The version tag to be added to the state machine. |
forwarderArn | forwarder_arn | ForwarderArn | ARN or Datadog Forwarder, which will subscribe to the state machine's log group. |
tags | tags | Tags | A comma separated list of key:value pairs as a single string, which will be added to the state machine's tags. |
The DatadogStepFunctions
construct takes in a list of state machines and for each of them:
Set up logging, including:
Subscribe Datadog Forwarder to the state machine's log group
Set tags, including:
env
service
version
DD_TRACE_ENABLED
: true
. This enables tracing.
false
from AWS Management Console after the stack is deployed.dd_cdk_construct
version tag
custom tags passed as the tags
paramater to DatadogStepFunctions
construct
To merge the Step Function's traces with downstream Lambda function or Step function's traces, the construct adds $$.Execution
, $$.State
and $$.StateMachine
fields into the Step Function task input or Lambda task payload.
If cdk deploy
fails with an error like:
Resource of type 'AWS::Logs::LogGroup' with identifier '{"/properties/LogGroupName":"/aws/vendedlogs/states/CdkStepFunctionsTypeScriptStack1-CdkTypeScriptTestChildStateMachine-Logs-dev"}' already exists.
You have two options:
import * as logs from 'aws-cdk-lib/aws-logs';
const logGroupName = "/aws/vendedlogs/states/xxx";
const logGroup = logs.LogGroup.fromLogGroupName(stack, 'StateMachineLogGroup', logGroupName);
const stateMachine = new sfn.StateMachine(stack, 'MyStateMachine', {
logs: {
destination: logGroup,
},
...
});
The Datadog CDK Construct Libraries use Projen to maintain project configuration files such as the package.json
, .gitignore
, .npmignore
, etc. Most of the configuration files will be protected by Projen via read-only permissions. In order to change these files, edit the .projenrc.js
file, then run npx projen
to synthesize the new changes. Check out Projen for more details.
If you encounter a bug with this package, we want to hear about it. Before opening a new issue, search the existing issues to avoid duplicates.
When opening an issue, include the Datadog CDK Construct version, Node version, and stack trace if available. In addition, include the steps to reproduce when appropriate.
You can also open an issue for a feature request.
If you find an issue with this package and have a fix, please feel free to open a pull request following the procedures.
If you contribute to this package you can run the tests using yarn test
. This package also includes a sample application for manual testing:
yarn watch
, this will ensure the Typescript files in the src
directory are compiled to Javascript in the lib
directory.src/sample
, here you can edit index.ts
to test your contributions manually.npx cdk --app lib/sample/index.js <CDK Command>
, replacing <CDK Command>
with common CDK commands like synth
, diff
, or deploy
.To display the debug logs for this library for Lambda, set the DD_CONSTRUCT_DEBUG_LOGS
env var to true
when running cdk synth
(use --quiet
to suppress generated template output).
Example: Ensure you are at the root directory
DD_CONSTRUCT_DEBUG_LOGS=true npx cdk --app lib/sample/index.js synth --quiet
For product feedback and questions, join the #serverless
channel in the Datadog community on Slack.
Unless explicitly stated otherwise all files in this repository are licensed under the Apache License Version 2.0.
This product includes software developed at Datadog (https://www.datadoghq.com/). Copyright 2021 Datadog, Inc.
FAQs
CDK Construct Library to automatically instrument Python and Node Lambda functions with Datadog using AWS CDK v2
We found that datadog-cdk-constructs-v2 demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.