CDK Construct Library to automatically instrument Python and Node Lambda functions with Datadog using AWS CDK v2
Project description
Datadog CDK Constructs
Use this Datadog CDK Construct Library to deploy serverless applications using AWS CDK .
This CDK library automatically configures ingestion of metrics, traces, and logs from your serverless applications by:
- Installing and configuring the Datadog Lambda library for your Python and Node.js Lambda functions.
- Enabling the collection of traces and custom metrics from your Lambda functions.
- Managing subscriptions from the Datadog Forwarder to your Lambda and non-Lambda log groups.
AWS CDK v1 vs AWS CDK v2
Two separate versions of Datadog CDK Constructs exist; datadog-cdk-constructs
and datadog-cdk-constructs-v2
. These are designed to work with AWS CDK v1
and AWS CDK v2
respectively.
datadog-cdk-constructs-v2
requires Node 14+, whiledatadog-cdk-constructs-v1
supports Node 12+.- Otherwise, the use of the two packages is identical.
npm Package Installation:
For use with AWS CDK v2:
yarn add --dev datadog-cdk-constructs-v2
# or
npm install datadog-cdk-constructs-v2 --save-dev
For use with AWS CDK v1:
yarn add --dev datadog-cdk-constructs
# or
npm install datadog-cdk-constructs --save-dev
PyPI Package Installation:
For use with AWS CDK v2:
pip install datadog-cdk-constructs-v2
For use with AWS CDK v1:
pip install datadog-cdk-constructs
Note:
Pay attention to the output from your package manager as the Datadog CDK Construct Library
has peer dependencies.
Usage
AWS CDK
- If you are new to AWS CDK then check out this workshop.
- The following examples assume the use of AWS CDK v2. If you're using CDK v1, import
datadog-cdk-constructs
rather thandatadog-cdk-constructs-v2
.
Add this to your CDK stack:
import { Datadog } from "datadog-cdk-constructs-v2";
const datadog = new Datadog(this, "Datadog", {
nodeLayerVersion: <LAYER_VERSION>,
pythonLayerVersion: <LAYER_VERSION>,
addLayers: <BOOLEAN>,
extensionLayerVersion: "<EXTENSION_VERSION>",
forwarderArn: "<FORWARDER_ARN>",
createForwarderPermissions: <BOOLEAN>,
flushMetricsToLogs: <BOOLEAN>,
site: "<SITE>",
apiKey: "{Datadog_API_Key}",
apiKeySecretArn: "{Secret_ARN_Datadog_API_Key}",
apiKmsKey: "{Encrypted_Datadog_API_Key}",
enableDatadogTracing: <BOOLEAN>,
enableMergeXrayTraces: <BOOLEAN>,
enableDatadogLogs: <BOOLEAN>,
injectLogContext: <BOOLEAN>,
logLevel: <STRING>,
env: <STRING>, //Optional
service: <STRING>, //Optional
version: <STRING>, //Optional
tags: <STRING>, //Optional
});
datadog.addLambdaFunctions([<LAMBDA_FUNCTIONS>])
datadog.addForwarderToNonLambdaLogGroups([<LOG_GROUPS>])
Optionally, if you'd like to enable source code integration (Typescript only), you'll need to make a few changes to your stack setup since the AWS CDK does not support async functions.
Change your initialization function as follows (note: we're changing this to pass the gitHash
value to the CDK):
async function main() {
// Make sure to add @datadog/datadog-ci via your package manager
const datadogCi = require("@datadog/datadog-ci");
const [, gitHash] = await datadogCi.gitMetadata.uploadGitCommitHash('{Datadog_API_Key}', '<SITE>')
const app = new cdk.App();
// Pass in the hash to the ExampleStack constructor
new ExampleStack(app, "ExampleStack", {}, gitHash);
}
In your stack constructor, change to add an optional gitHash
parameter, and call addGitCommitMetadata()
:
export class ExampleStack extends cdk.Stack {
constructor(scope: cdk.App, id: string, props?: cdk.StackProps, gitHash?: string) {
...
...
datadog.addGitCommitMetadata([<YOUR_FUNCTIONS>], gitHash)
}
}
Configuration
To further configure your Datadog construct, use the following custom parameters:
Note: The descriptions use the npm package parameters, but they also apply to the PyPI package parameters.
npm package parameter | PyPI package parameter | Description |
---|---|---|
addLayers |
add_layers |
Whether to add the Lambda Layers or expect the user to bring their own. Defaults to true. When true, the Lambda Library version variables are also required. When false, you must include the Datadog Lambda library in your functions' deployment packages. |
pythonLayerVersion |
python_layer_version |
Version of the Python Lambda layer to install, such as 21. Required if you are deploying at least one Lambda function written in Python and addLayers is true. Find the latest version number here. |
nodeLayerVersion |
node_layer_version |
Version of the Node.js Lambda layer to install, such as 29. Required if you are deploying at least one Lambda function written in Node.js and addLayers is true. Find the latest version number from here. |
extensionLayerVersion |
extension_layer_version |
Version of the Datadog Lambda Extension layer to install, such as 5. When extensionLayerVersion is set, apiKey (or if encrypted, apiKMSKey or apiKeySecretArn ) needs to be set as well. When enabled, lambda function log groups will not be subscribed by the forwarder. Learn more about the Lambda extension here. |
forwarderArn |
forwarder_arn |
When set, the plugin will automatically subscribe the Datadog Forwarder to the functions' log groups. Do not set forwarderArn when extensionLayerVersion is set. |
createForwarderPermissions |
createForwarderPermissions |
When set to true , creates a Lambda permission on the the Datadog Forwarder per log group. Since the Datadog Forwarder has permissions configured by default, this is unnecessary in most use cases. |
flushMetricsToLogs |
flush_metrics_to_logs |
Send custom metrics using CloudWatch logs with the Datadog Forwarder Lambda function (recommended). Defaults to true . If you disable this parameter, it's required to set apiKey (or if encrypted, apiKMSKey or apiKeySecretArn ). |
site |
site |
Set which Datadog site to send data. This is only used when flushMetricsToLogs is false or extensionLayerVersion is set. Possible values are datadoghq.com , datadoghq.eu , us3.datadoghq.com , us5.datadoghq.com , and ddog-gov.com . The default is datadoghq.com . |
apiKey |
api_key |
Datadog API Key, only needed when flushMetricsToLogs is false or extensionLayerVersion is set. For more information about getting a Datadog API key, see the API key documentation. |
apiKeySecretArn |
api_key_secret_arn |
The ARN of the secret storing the Datadog API key in AWS Secrets Manager. Use this parameter in place of apiKey when flushMetricsToLogs is false or extensionLayer is set. Remember to add the secretsmanager:GetSecretValue permission to the Lambda execution role. |
apiKmsKey |
api_kms_key |
Datadog API Key encrypted using KMS. Use this parameter in place of apiKey when flushMetricsToLogs is false or extensionLayerVersion is set, and you are using KMS encryption. |
enableDatadogTracing |
enable_datadog_tracing |
Enable Datadog tracing on your Lambda functions. Defaults to true . |
enableMergeXrayTraces |
enable_merge_xray_traces |
Enable merging X-Ray traces on your Lambda functions. Defaults to false . |
enableDatadogLogs |
enable_datadog_logs |
Send Lambda function logs to Datadog via the Datadog Lambda Extension. Defaults to true . Note: This setting has no effect on logs sent via the Datadog Forwarder. |
injectLogContext |
inject_log_context |
When set, the Lambda layer will automatically patch console.log with Datadog's tracing ids. Defaults to true . |
logLevel |
log_level |
When set to debug , the Datadog Lambda Library and Extension will log additional information to help troubleshoot issues. |
env |
env |
When set along with extensionLayerVersion , a DD_ENV environment variable is added to all Lambda functions with the provided value. When set along with forwarderArn , an env tag is added to all Lambda functions with the provided value. |
service |
service |
When set along with extensionLayerVersion , a DD_SERVICE environment variable is added to all Lambda functions with the provided value. When set along with forwarderArn , a service tag is added to all Lambda functions with the provided value. |
version |
version |
When set along with extensionLayerVersion , a DD_VERSION environment variable is added to all Lambda functions with the provided value. When set along with forwarderArn , a version tag is added to all Lambda functions with the provided value. |
tags |
tags |
A comma separated list of key:value pairs as a single string. When set along with extensionLayerVersion , a DD_TAGS environment variable is added to all Lambda functions with the provided value. When set along with forwarderArn , the cdk parses the string and sets each key:value pair as a tag to all Lambda functions. |
Note: env
, service
, version
, and tags
override function level DD_XXX
environment variables.
Tracing
Enable X-Ray Tracing on your Lambda functions. For more information, see CDK documentation.
import * as lambda from "aws-cdk-lib/aws-lambda";
const lambda_function = new lambda.Function(this, "HelloHandler", {
runtime: lambda.Runtime.NODEJS_14_X,
code: lambda.Code.fromAsset("lambda"),
handler: "hello.handler",
tracing: lambda.Tracing.ACTIVE,
});
Nested Stacks
Add the Datadog CDK Construct to each stack you wish to instrument with Datadog. In the example below, we initialize the Datadog CDK Construct and call addLambdaFunctions()
in both the RootStack
and NestedStack
.
import { Datadog } from "datadog-cdk-constructs-v2";
import * as cdk from "aws-cdk-lib";
import { Construct } from "constructs";
class RootStack extends cdk.Stack {
constructor(scope: cdk.App, id: string, props?: cdk.StackProps) {
super(scope, id, props);
new NestedStack(this, "NestedStack");
const datadog = new Datadog(this, "Datadog", {
nodeLayerVersion: <LAYER_VERSION>,
pythonLayerVersion: <LAYER_VERSION>,
addLayers: <BOOLEAN>,
forwarderArn: "<FORWARDER_ARN>",
flushMetricsToLogs: <BOOLEAN>,
site: "<SITE>",
apiKey: "{Datadog_API_Key}",
apiKeySecretArn: "{Secret_ARN_Datadog_API_Key}",
apiKmsKey: "{Encrypted_Datadog_API_Key}",
enableDatadogTracing: <BOOLEAN>,
enableMergeXrayTraces: <BOOLEAN>,
enableDatadogLogs: <BOOLEAN>,
injectLogContext: <BOOLEAN>
});
datadog.addLambdaFunctions([<LAMBDA_FUNCTIONS>]);
}
}
class NestedStack extends cdk.NestedStack {
constructor(scope: Construct, id: string, props?: cdk.NestedStackProps) {
super(scope, id, props);
const datadog = new Datadog(this, "Datadog", {
nodeLayerVersion: <LAYER_VERSION>,
pythonLayerVersion: <LAYER_VERSION>,
addLayers: <BOOLEAN>,
forwarderArn: "<FORWARDER_ARN>",
flushMetricsToLogs: <BOOLEAN>,
site: "<SITE>",
apiKey: "{Datadog_API_Key}",
apiKeySecretArn: "{Secret_ARN_Datadog_API_Key}",
apiKmsKey: "{Encrypted_Datadog_API_Key}",
enableDatadogTracing: <BOOLEAN>,
enableMergeXrayTraces: <BOOLEAN>,
enableDatadogLogs: <BOOLEAN>,
injectLogContext: <BOOLEAN>
});
datadog.addLambdaFunctions([<LAMBDA_FUNCTIONS>]);
}
}
Tags
Add tags to your constructs. We recommend setting an env
and service
tag to tie Datadog telemetry together. For more information see official AWS documentation and CDK documentation.
How it works
The Datadog CDK construct takes in a list of lambda functions and installs the Datadog Lambda Library by attaching the Lambda Layers for Node.js and Python to your functions. It redirects to a replacement handler that initializes the Lambda Library without any required code changes. Additional configurations added to the Datadog CDK construct will also translate into their respective environment variables under each lambda function (if applicable / required).
While Lambda function based log groups are handled by the addLambdaFunctions
method automatically, the construct has an additional function addForwarderToNonLambdaLogGroups
which subscribes the forwarder to any additional log groups of your choosing.
Resources to learn about CDK
Repository Structure
In this repository, the folders v1
and v2
correspond to the packages datadog-cdk-constructs
and datadog-cdk-contructs-v2
. Each can be treated as a separate project (they are separate projen projects with separate dependencies, config files, tests, and scripts).
Additionally, there is a common
folder that contains shared logic common to both v1
and v2
packages. This is done by soft-linking a common
folder within v1/src
and v2/src
to the common
folder in the root of the repository.
Using Projen
The v1
and v2
Datadog CDK Construct Libraries both use Projen to maintain project configuration files such as the package.json
, .gitignore
, .npmignore
, etc. Most of the configuration files will be protected by Projen via read-only permissions. In order to change these files, edit the .projenrc.js
file within v1
or v2
folders, then run npx projen
(while in v1
or v2
) to synthesize the new changes. Check out Projen for more details.
Opening Issues
If you encounter a bug with this package, we want to hear about it. Before opening a new issue, search the existing issues to avoid duplicates.
When opening an issue, include the Datadog CDK Construct version, Node version, and stack trace if available. In addition, include the steps to reproduce when appropriate.
You can also open an issue for a feature request.
Contributing
If you find an issue with this package and have a fix, please feel free to open a pull request following the procedures.
Testing
If you contribute to this package you can run the tests using yarn test
within the v1
or v2
folders. This package also includes a sample application for manual testing:
- Open a seperate terminal and
cd
intov1
orv2
. - Run
yarn watch
, this will ensure the Typescript files in thesrc
directory are compiled to Javascript in thelib
directory. - Navigate to
src/sample
, here you can editindex.ts
to test your contributions manually. - At the root of the
v1
orv2
directory (whichever you are working on), runnpx cdk --app lib/sample/index.js <CDK Command>
, replacing<CDK Command>
with common CDK commands likesynth
,diff
, ordeploy
.
- Note, if you receive "... is not authorized to perform: ..." you may also need to authorize the commands with your AWS credentials.
Debug Logs
To display the debug logs for this library, set the DD_CONSTRUCT_DEBUG_LOGS
env var to true
when running cdk synth
(use --quiet
to suppress generated template output).
Example:
Ensure you are at the root of the v1
or v2
directory
DD_CONSTRUCT_DEBUG_LOGS=true npx cdk --app lib/sample/index.js synth --quiet
Community
For product feedback and questions, join the #serverless
channel in the Datadog community on Slack.
License
Unless explicitly stated otherwise all files in this repository are licensed under the Apache License Version 2.0.
This product includes software developed at Datadog (https://www.datadoghq.com/). Copyright 2021 Datadog, Inc.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for datadog-cdk-constructs-v2-1.1.0.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | a69e05b90310e9ae64b30692db7d8beb621fbad54f796ab9d519ea92bf6fc132 |
|
MD5 | 09940113babf8f78a0e1aa49afd39f7f |
|
BLAKE2b-256 | 7f1b567e050fc6a7b5edea57c61ec9396c2bfda6ecc6f6f80406ef5a2663c771 |
Hashes for datadog_cdk_constructs_v2-1.1.0-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 364281c5294228554d645209eceb6af5963516dd6362f4712e170d879f2fc65a |
|
MD5 | 1e86f541e511d84dee55dce73e122b81 |
|
BLAKE2b-256 | eb085203736853f7bbea6117aa55b2cc19b6983250e595c8968142ac5815ccf3 |