A CLI tool for managing DataDog AWS integrations
DataDog AWS Integration CLI
A command-line tool for managing DataDog AWS integrations with ease.
Features
- Easy setup of DataDog integrations for AWS accounts
- Automated IAM role and policy creation/management
- Comprehensive status checking and validation
  - IAM role and policy verification
  - DataDog account configuration validation
  - Settings comparison (regions, services, metrics, resources)
- Update existing integrations (regions, services, metrics, resources)
- Clean deletion of integrations
- Beautiful terminal output with tables and colors
- Flexible configuration via .env files or CLI arguments
- Dry-run mode to preview changes before applying
- Verbose logging for debugging
- JSON output support for automation
- Support for multiple AWS partitions (standard, GovCloud, China)
- No complex YAML configuration required
Installation
Using UV (Recommended)
UV is a blazing-fast Python package manager.
# Install UV if you haven't already
curl -LsSf https://astral.sh/uv/install.sh | sh
# or on Windows:
powershell -c "irm https://astral.sh/uv/install.ps1 | iex"
# Clone the repository
git clone <repository-url>
cd datadog-utility
# Create a virtual environment and install dependencies
uv venv
uv pip install -e .
Using pip
# Clone the repository
git clone <repository-url>
cd datadog-utility
# Create and activate virtual environment
python -m venv .venv
source .venv/bin/activate # On Windows: .venv\Scripts\activate
# Install the CLI tool
pip install -e .
After installation, the ddutil command will be available globally.
Quick Start
1. Set Up Environment Variables
Copy the example .env file and fill in your credentials:
cp .env.example .env
Edit .env with your values:
# Required
DD_API_KEY=your_datadog_api_key
DD_APP_KEY=your_datadog_app_key
AWS_ACCOUNT_ID=123456789012
# Optional but commonly used
DD_ACCOUNT_ID=your_dd_account_id
AWS_PROFILE=default
DD_IAM_ROLE_NAME=datadog-integration-role
2. Preview the Setup (Dry-Run)
ddutil setup --dry-run
3. Apply the Changes
ddutil setup
That's it! The tool will:
- Create the necessary IAM role and policies
- Configure the DataDog integration
- Update the IAM role with the external ID from DataDog
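The external-ID step above can be checked offline against a role's trust policy document. This is an added example, not ddutil's own code; it assumes the role pins the external ID with an `sts:ExternalId` condition, and the principal ARN, external ID and function names are constructed placeholders.

```python
# Added example: audit an IAM role trust policy for the external-ID check.
# All identifiers below are constructed placeholders, not values from ddutil.
EXPECTED_PRINCIPAL = "arn:aws:iam::111111111111:root"  # placeholder trusted account
EXPECTED_EXTERNAL_ID = "example-external-id-0001"      # placeholder external ID


def _as_list(value):
    """IAM policy fields accept either a scalar or a list."""
    return value if isinstance(value, list) else [value]


def audit_trust_policy(policy, principal, external_id):
    """Return a list of findings; an empty list means the policy is as expected."""
    statements = [
        s for s in _as_list(policy.get("Statement", []))
        if s.get("Effect") == "Allow"
        and "sts:AssumeRole" in _as_list(s.get("Action", []))
    ]
    if not statements:
        return ["no Allow statement grants sts:AssumeRole"]
    findings = []
    for i, stmt in enumerate(statements):
        princ = stmt.get("Principal", {})
        # "*" and {"AWS": "*"} both let any AWS account attempt to assume the role.
        trusted = ["*"] if princ == "*" else _as_list(princ.get("AWS", []))
        for p in trusted:
            if p != principal:
                findings.append(f"statement {i}: unexpected principal {p}")
        if not trusted:
            findings.append(f"statement {i}: no AWS principal")
        # The external ID must be pinned with StringEquals, not a pattern match.
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        ids = [v for k, v in cond.items() if k.lower() == "sts:externalid"]
        if not ids:
            findings.append(f"statement {i}: no sts:ExternalId condition")
        elif _as_list(ids[0]) != [external_id]:
            findings.append(f"statement {i}: external ID mismatch")
    return findings


def sample_policy(principal=EXPECTED_PRINCIPAL, external_id=EXPECTED_EXTERNAL_ID):
    """Build a constructed trust policy; external_id=None omits the condition."""
    stmt = {"Effect": "Allow", "Action": "sts:AssumeRole", "Principal": {"AWS": principal}}
    if external_id is not None:
        stmt["Condition"] = {"StringEquals": {"sts:ExternalId": external_id}}
    return {"Version": "2012-10-17", "Statement": [stmt]}
```

A trust policy fetched with `aws iam get-role` can be passed to `audit_trust_policy` in place of the constructed sample.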
Usage
Available Commands
ddutil --help # Show all available commands
ddutil --version # Show version information
ddutil --license # Show license information
ddutil -v, --verbose # Enable verbose output for any command
ddutil -q, --quiet # Suppress non-error output
Commands:
- setup - Set up DataDog integration for an AWS account
- status - Check the status of DataDog integration and validate configuration
- update - Update an existing DataDog integration
- delete - Delete DataDog integration for an AWS account
Quick Reference
# Setup with defaults from .env
ddutil setup
# Preview setup without making changes
ddutil setup --dry-run
# Check configuration status and validation
ddutil status
# Update configuration
ddutil update --regions us-east-1,us-west-2
# Delete integration (with confirmation)
ddutil delete --confirm
# Any command with verbose output
ddutil --verbose <command>
Setup Command
Set up DataDog integration for an AWS account:
# Using environment variables (.env file)
ddutil setup
# Override with CLI arguments
ddutil setup --account-id 123456789012 --dd-account-id YOUR_DD_ACCOUNT_ID
# Specify AWS profile
ddutil setup --profile aws-prod
# Dry-run mode (preview changes without applying)
ddutil setup --dry-run
# Verbose output (shows debug logs)
ddutil --verbose setup
# Specify regions and services
ddutil setup --regions us-east-1,us-west-2 --services AWS/Lambda,AWS/EC2
# Configure metric and resource collection
ddutil setup --metric-automute true --metric-collect-cloudwatch true \
--resource-collect-cspm false --resource-collect-extended true
# Specify AWS partition (for GovCloud or China regions)
ddutil setup --partition aws-us-gov
Status Command
Check the status of an existing integration and validate configuration:
# Basic status check
ddutil status
# Check specific account
ddutil status --account-id 123456789012
# Use specific AWS profile
ddutil status --profile aws-prod
# JSON output for programmatic use
ddutil status --output json
# Verbose output with debug info
ddutil --verbose status
The status command validates:
- IAM role existence and policies
- DataDog account registration
- Configuration sync (regions, services, partition)
- Metric settings (automute, CloudWatch, custom metrics)
- Resource settings (CSPM, extended collection)
- Role name and External ID matching
Update Command
Update an existing integration:
# Update services monitored
ddutil update --services AWS/Lambda,AWS/EC2,AWS/RDS
# Update regions
ddutil update --regions us-west-2,eu-west-1
# Update metric settings
ddutil update --metric-collect-custom true --metric-automute false
# Update resource collection
ddutil update --resource-collect-cspm true
# Preview changes before applying
ddutil update --regions us-west-2,eu-west-1 --dry-run
# Update with verbose output
ddutil --verbose update --services AWS/Lambda
Delete Command
Remove DataDog integration:
# With confirmation prompt (interactive)
ddutil delete
# Specify account ID
ddutil delete --account-id 123456789012
# Skip confirmation prompt (for automation)
ddutil delete --confirm
# Delete with specific role name
ddutil delete --role-name custom-datadog-role --confirm
# Use specific AWS profile
ddutil delete --profile aws-prod --confirm
Configuration
Configuration Priority
Configuration values are resolved in the following order (highest to lowest priority):
- CLI arguments - Values passed directly via command-line flags
- Environment variables - Values from .env file or system environment
Environment Variables
Create a .env file in your project directory:
# Copy the example file
cp .env.example .env
# Edit with your values
nano .env # or your favorite editor
Required Environment Variables
# DataDog API Credentials
DD_API_KEY=your_datadog_api_key_here # DataDog API key (required)
DD_APP_KEY=your_datadog_app_key_here # DataDog application key (required)
# AWS Configuration
AWS_ACCOUNT_ID=123456789012 # Your AWS account ID (required)
Optional Environment Variables
# Application Settings
LOG_LEVEL=INFO # Logging level (DEBUG, INFO, WARNING, ERROR)
# DataDog Configuration
DD_ACCOUNT_ID= # DataDog account ID (obtained from DataDog)
DD_SITE=datadoghq.com # DataDog site (datadoghq.com, datadoghq.eu, etc.)
DD_PARTITION=aws # AWS partition (aws, aws-cn, aws-us-gov)
DATADOG_VERIFY_SSL=false # TLS certificate verification for DataDog API calls (false disables it)
# AWS Configuration
AWS_PROFILE=default # AWS CLI profile name
# IAM Configuration
DD_IAM_ROLE_NAME=datadog-integration-role # IAM role name
DD_MANAGED_POLICIES= # Comma-separated managed policy ARNs
# Default: ReadOnlyAccess, SecurityAudit
DD_POLICY_ACTIONS= # Comma-separated additional IAM actions
# Default: 32 standard actions (see .env.example)
# Monitoring Configuration
DD_REGIONS= # Comma-separated AWS regions (empty = all)
DD_SERVICES= # Comma-separated AWS services (empty = default)
DD_TRACES= # Comma-separated services for X-Ray tracing
# Metric Settings
DD_METRIC_AUTOMUTE=true # Auto-mute monitors (true/false)
DD_METRIC_COLLECT_CLOUDWATCH=true # Collect CloudWatch alarms (true/false)
DD_METRIC_COLLECT_CUSTOM=false # Collect custom metrics (true/false)
DD_METRIC_COLLECT_METRICS=true # Enable metric collection (true/false)
DD_METRIC_ENABLE=true # Enable metrics globally (true/false)
# Resource Settings
DD_RESOURCE_COLLECT_CSPM=false # Cloud Security Posture Management (true/false)
DD_RESOURCE_COLLECT_EXTENDED=true # Extended resource collection (true/false)
Examples
Basic Setup with .env File
Create .env:
DD_API_KEY=abc123def456...
DD_APP_KEY=xyz789ghi012...
AWS_ACCOUNT_ID=123456789012
AWS_PROFILE=production
Run setup:
# Preview changes
ddutil setup --dry-run
# Apply configuration
ddutil setup
# Check status after setup
ddutil status
Multi-Region Setup
# Monitor specific regions only
ddutil setup --regions us-east-1,us-west-2,eu-west-1
# Or set in .env
DD_REGIONS=us-east-1,us-west-2,eu-west-1
ddutil setup
Specific Services Only
# Monitor specific AWS services
ddutil setup --services AWS/Lambda,AWS/EC2,AWS/RDS
# With X-Ray tracing for Lambda
ddutil setup --services AWS/Lambda,AWS/EC2 --traces AWS/Lambda
Metric and Resource Configuration
# Enable Cloud Security Posture Management
ddutil setup --resource-collect-cspm true
# Enable custom metrics collection
ddutil setup --metric-collect-custom true
# Configure multiple metric settings
ddutil setup \
--metric-automute true \
--metric-collect-cloudwatch true \
--metric-collect-custom false \
--metric-enable true
Override with CLI Arguments
# Override environment variables for one-off operations
ddutil setup --account-id 999888777666 --profile dev-account
# Use different AWS partition
ddutil setup --partition aws-us-gov --profile govcloud
Custom IAM Configuration
# Custom role name and policies
ddutil setup \
--role-name custom-datadog-role \
--managed-policies arn:aws:iam::aws:policy/ReadOnlyAccess \
--policy-actions logs:PutSubscriptionFilter,s3:GetBucketNotification
# Update existing role policies
ddutil update \
--managed-policies arn:aws:iam::aws:policy/ReadOnlyAccess,arn:aws:iam::aws:policy/SecurityAudit
Validation and Status Checking
# Check if configuration matches .env settings
ddutil status
# Get detailed JSON output for monitoring
ddutil status --output json > status.json
# Validate specific account configuration
ddutil --verbose status --account-id 123456789012
Development
Project Structure
datadog-utility/
├── src/
│   └── ddutil/              # Main package
│       ├── __init__.py      # Package initialization
│       ├── cli.py           # CLI command definitions
│       └── common/          # Shared utilities
│           ├── aws/         # AWS-related modules
│           │   ├── auth.py  # AWS authentication
│           │   └── iam.py   # IAM role management
│           ├── datadog/     # DataDog-related modules
│           │   └── aws.py   # DataDog API interactions
│           ├── logs.py      # Logging configuration
│           └── utils.py     # Utility functions
├── pyproject.toml           # Package configuration
├── .env.example             # Example environment variables
├── .python-version          # Python version for UV
├── requirements.txt         # Python dependencies
└── responses/               # Sample API responses
Troubleshooting
Common Issues
Missing required environment variables:
# Check if all required variables are set with dry-run
ddutil setup --dry-run
# Set missing variables in .env file or export them
export AWS_ACCOUNT_ID=123456789012
export DD_API_KEY=your_api_key
export DD_APP_KEY=your_app_key
AWS authentication errors:
# Ensure your AWS profile is configured
aws configure --profile your-profile-name
# Or specify profile explicitly
ddutil setup --profile your-profile-name
# Or use environment variables
export AWS_PROFILE=your-profile-name
# Test AWS connectivity
aws sts get-caller-identity --profile your-profile-name
DataDog API errors:
# Verify your API keys are set
echo $DD_API_KEY
echo $DD_APP_KEY
# Make sure they're in your .env file
cat .env | grep DD_
# Test DataDog API connectivity
ddutil --verbose status
Configuration mismatch errors:
# Use status command to see what doesn't match
ddutil status
# Status will show:
# - IAM role and policy status
# - DataDog account configuration
# - Mismatches between actual and expected settings
# - Specific issues with regions, services, metrics, resources
# Fix mismatches by updating
ddutil update --regions us-east-1,us-west-2
ddutil update --metric-collect-cloudwatch true
Debug with verbose and dry-run:
# Always test with dry-run first
ddutil setup --dry-run
# Use verbose for detailed debugging
ddutil --verbose setup --dry-run
# Check logs for detailed error messages
tail -f ~/.ddutil/logs/ddutil.log # if logging to file
Roadmap
See ROADMAP.md for planned features and improvements.
License
MIT License - See LICENSE file for details.
File details
Details for the file ddutil-0.2.3.tar.gz.
File metadata
- Download URL: ddutil-0.2.3.tar.gz
- Upload date:
- Size: 29.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 446d79da92dc31fc18b5109daaa1ba36f84a01dc141713b90134a7832e740bb8 |
| MD5 | 272d114c2d86930a9914838bcecb5b68 |
| BLAKE2b-256 | cf42e7152a0bcdf2e4cde81bd265c3b3586c98b1be5c77be8c14a6fe7ded316c |
Provenance
The following attestation bundles were made for ddutil-0.2.3.tar.gz:
Publisher: publish.yml on tomburge/datadog-utility
- Statement:
  - Statement type: https://in-toto.io/Statement/v1
  - Predicate type: https://docs.pypi.org/attestations/publish/v1
  - Subject name: ddutil-0.2.3.tar.gz
  - Subject digest: 446d79da92dc31fc18b5109daaa1ba36f84a01dc141713b90134a7832e740bb8
- Sigstore transparency entry: 1058418252
- Sigstore integration time:
- Permalink: tomburge/datadog-utility@a846b03db31d384794c18418b3b0fc5df51cae2d
- Branch / Tag: refs/tags/v0.2.3
- Owner: https://github.com/tomburge
- Access: private
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: publish.yml@a846b03db31d384794c18418b3b0fc5df51cae2d
- Trigger Event: release
File details
Details for the file ddutil-0.2.3-py3-none-any.whl.
File metadata
- Download URL: ddutil-0.2.3-py3-none-any.whl
- Upload date:
- Size: 33.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | cc9d7332b44933fbb9c2c0c75ed306fadba9264a24d02adb306208bd058e74de |
| MD5 | 4e09b5cd10b9fa8a4c0bfd1b9a90eb5a |
| BLAKE2b-256 | 558482a19c95570260bbda2454528b2ee200c7ab02eea09086f2734d4ac1dc63 |
Provenance
The following attestation bundles were made for ddutil-0.2.3-py3-none-any.whl:
Publisher: publish.yml on tomburge/datadog-utility
- Statement:
  - Statement type: https://in-toto.io/Statement/v1
  - Predicate type: https://docs.pypi.org/attestations/publish/v1
  - Subject name: ddutil-0.2.3-py3-none-any.whl
  - Subject digest: cc9d7332b44933fbb9c2c0c75ed306fadba9264a24d02adb306208bd058e74de
- Sigstore transparency entry: 1058418256
- Sigstore integration time:
- Permalink: tomburge/datadog-utility@a846b03db31d384794c18418b3b0fc5df51cae2d
- Branch / Tag: refs/tags/v0.2.3
- Owner: https://github.com/tomburge
- Access: private
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: publish.yml@a846b03db31d384794c18418b3b0fc5df51cae2d
- Trigger Event: release