Description:

datadogcdkconstructsv2 1.16.1

Datadog CDK Constructs






Use this Datadog CDK Construct Library to deploy serverless applications using AWS CDK .
This CDK library automatically configures ingestion of metrics, traces, and logs from your serverless applications by:

Installing and configuring the Datadog Lambda layers for your .NET, Java, Node.js, and Python Lambda functions.
Enabling the collection of traces and custom metrics from your Lambda functions.
Managing subscriptions from the Datadog Forwarder to your Lambda and non-Lambda log groups.

AWS CDK v1 vs AWS CDK v2
WARNING: AWS CDK v1 has reached end-of-support and datadog-cdk-constructs will no longer be receiving updates. It's strongly recommended to upgrade to AWS CDK v2 (official migration guide) and switch to using datadog-cdk-constructs-v2.
Two separate versions of Datadog CDK Constructs exist; datadog-cdk-constructs and datadog-cdk-constructs-v2. These are designed to work with AWS CDK v1 and AWS CDK v2 respectively.

datadog-cdk-constructs-v2 requires Node >= 14, while datadog-cdk-constructs supports Node >= 12.
datadog-cdk-constructs-v2 contains more features.
Otherwise, the use of the two packages is identical.

npm Package Installation:
For use with AWS CDK v2:
yarn add --dev datadog-cdk-constructs-v2
# or
npm install datadog-cdk-constructs-v2 --save-dev

For use with AWS CDK v1:
yarn add --dev datadog-cdk-constructs
# or
npm install datadog-cdk-constructs --save-dev

PyPI Package Installation:
For use with AWS CDK v2:
pip install datadog-cdk-constructs-v2

For use with AWS CDK v1:
pip install datadog-cdk-constructs

Go Package Installation:
For use with AWS CDK v2:
go get github.com/DataDog/datadog-cdk-constructs-go/ddcdkconstruct

AWS CDK v1 is not supported.
Note:
Pay attention to the output from your package manager as the Datadog CDK Construct Library has peer dependencies.
Usage
AWS CDK

If you are new to AWS CDK then check out this workshop.
The following examples assume the use of AWS CDK v2. If you're using CDK v1, import datadog-cdk-constructs rather than datadog-cdk-constructs-v2.

Add this to your CDK stack:
TypeScript
import { Datadog } from "datadog-cdk-constructs-v2";

const datadog = new Datadog(this, "Datadog", {
nodeLayerVersion: <LAYER_VERSION>,
pythonLayerVersion: <LAYER_VERSION>,
javaLayerVersion: <LAYER_VERSION>,
dotnetLayerVersion: <LAYER_VERSION>
addLayers: <BOOLEAN>,
extensionLayerVersion: "<EXTENSION_VERSION>",
forwarderArn: "<FORWARDER_ARN>",
createForwarderPermissions: <BOOLEAN>,
flushMetricsToLogs: <BOOLEAN>,
site: "<SITE>",
apiKey: "{Datadog_API_Key}",
apiKeySecretArn: "{Secret_ARN_Datadog_API_Key}",
apiKeySecret: <AWS_CDK_ISECRET>, // Only available in datadog-cdk-constructs-v2
apiKmsKey: "{Encrypted_Datadog_API_Key}",
enableDatadogTracing: <BOOLEAN>,
enableMergeXrayTraces: <BOOLEAN>,
enableDatadogLogs: <BOOLEAN>,
injectLogContext: <BOOLEAN>,
logLevel: <STRING>,
env: <STRING>, //Optional
service: <STRING>, //Optional
version: <STRING>, //Optional
tags: <STRING>, //Optional
});
datadog.addLambdaFunctions([<LAMBDA_FUNCTIONS>])
datadog.addForwarderToNonLambdaLogGroups([<LOG_GROUPS>])

Go
import (
"github.com/DataDog/datadog-cdk-constructs-go/ddcdkconstruct"
)
datadog := ddcdkconstruct.NewDatadog(
stack,
jsii.String("Datadog"),
&ddcdkconstruct.DatadogProps{
NodeLayerVersion: jsii.Number(<LAYER_VERSION>),
AddLayers: jsii.Bool(<BOOLEAN>),
Site: jsii.String(<SITE>),
ApiKey: jsii.String(os.Getenv("DD_API_KEY")),
// ...
})
datadog.AddLambdaFunctions(&[]interface{}{myFunction}, nil)
datadog.AddForwarderToNonLambdaLogGroups()

Source Code Integration
Source code integration is enabled by default through automatic lambda tagging, and will work if:


The Datadog Github integration is installed.


Your datadog-cdk dependency satisfies either of the below versions:

datadog-cdk-constructs-v2 >= 1.4.0
datadog-cdk-constructs >= 0.8.5



Alternative Methods to Enable Source Code Integration
If the automatic implementation doesn't work for your case, please follow one of the two guides below.
Note: these alternate guides only work for Typescript.

datadog-cdk version satisfied, but Datadog Github integration NOT installed
If the Datadog Github integration is not installed, you need to import the datadog-ci package and manually upload your Git metadata to Datadog.
For the best results, import the datadog-ci package where your CDK Stack is initialized.
const app = new cdk.App();

// Make sure to add @datadog/datadog-ci via your package manager
const datadogCi = require("@datadog/datadog-ci");
// Manually uploading Git metadata to Datadog.
datadogCi.gitMetadata.uploadGitCommitHash("{Datadog_API_Key}", "<SITE>");

const app = new cdk.App();
new ExampleStack(app, "ExampleStack", {});

app.synth();



datadog-cdk version NOT satisfied
Change your initialization function as follows (in this case, gitHash value is passed to the CDK):
async function main() {
// Make sure to add @datadog/datadog-ci via your package manager
const datadogCi = require("@datadog/datadog-ci");
const [, gitHash] = await datadogCi.gitMetadata.uploadGitCommitHash("{Datadog_API_Key}", "<SITE>");

const app = new cdk.App();
// Pass in the hash to the ExampleStack constructor
new ExampleStack(app, "ExampleStack", {}, gitHash);
}

Ensure you call this function to initialize your stack.
In your stack constructor, change to add an optional gitHash parameter, and call addGitCommitMetadata():
export class ExampleStack extends cdk.Stack {
constructor(scope: cdk.App, id: string, props?: cdk.StackProps, gitHash?: string) {
...
...
datadog.addGitCommitMetadata([<YOUR_FUNCTIONS>], gitHash)
}
}


Configuration
To further configure your Datadog construct, use the following custom parameters:
Note: The descriptions use the npm package parameters, but they also apply to the PyPI package parameters.



npm package parameter
PyPI package parameter
Description




addLayers
add_layers
Whether to add the Lambda Layers or expect the user to bring their own. Defaults to true. When true, the Lambda Library version variables are also required. When false, you must include the Datadog Lambda library in your functions' deployment packages.


pythonLayerVersion
python_layer_version
Version of the Python Lambda layer to install, such as 83. Required if you are deploying at least one Lambda function written in Python and addLayers is true. Find the latest version number here.


nodeLayerVersion
node_layer_version
Version of the Node.js Lambda layer to install, such as 100. Required if you are deploying at least one Lambda function written in Node.js and addLayers is true. Find the latest version number from here.


javaLayerVersion
java_layer_version
Version of the Java layer to install, such as 8. Required if you are deploying at least one Lambda function written in Java and addLayers is true. Find the latest version number in the Serverless Java installation documentation. Note: extensionLayerVersion >= 25 and javaLayerVersion >= 5 are required for the Datadog construct to instrument your Java functions properly.


dotnetLayerVersion
dotnet_layer_version
Version of the .NET layer to install, such as 13. Required if you are deploying at least one Lambda function written in .NET and addLayers is true. Find the latest version number from here.


extensionLayerVersion
extension_layer_version
Version of the Datadog Lambda Extension layer to install, such as 5. When extensionLayerVersion is set, apiKey (or if encrypted, apiKMSKey or apiKeySecretArn) needs to be set as well. When enabled, lambda function log groups will not be subscribed by the forwarder. Learn more about the Lambda extension here.


forwarderArn
forwarder_arn
When set, the plugin will automatically subscribe the Datadog Forwarder to the functions' log groups. Do not set forwarderArn when extensionLayerVersion is set.


createForwarderPermissions
createForwarderPermissions
When set to true, creates a Lambda permission on the the Datadog Forwarder per log group. Since the Datadog Forwarder has permissions configured by default, this is unnecessary in most use cases.


flushMetricsToLogs
flush_metrics_to_logs
Send custom metrics using CloudWatch logs with the Datadog Forwarder Lambda function (recommended). Defaults to true . If you disable this parameter, it's required to set apiKey (or if encrypted, apiKMSKey or apiKeySecretArn).


site
site
Set which Datadog site to send data. This is only used when flushMetricsToLogs is false or extensionLayerVersion is set. Possible values are datadoghq.com, datadoghq.eu, us3.datadoghq.com, us5.datadoghq.com, ap1.datadoghq.com, and ddog-gov.com. The default is datadoghq.com.


apiKey
api_key
Datadog API Key, only needed when flushMetricsToLogs is false or extensionLayerVersion is set. For more information about getting a Datadog API key, see the API key documentation.


apiKeySecretArn
api_key_secret_arn
The ARN of the secret storing the Datadog API key in AWS Secrets Manager. Use this parameter in place of apiKey when flushMetricsToLogs is false or extensionLayer is set. Remember to add the secretsmanager:GetSecretValue permission to the Lambda execution role.


apiKeySecret
api_key_secret
An AWS CDK ISecret representing a secret storing the Datadog API key in AWS Secrets Manager. Use this parameter in place of apiKeySecretArn to automatically grant your Lambda execution roles read access to the given secret. See here for an example. Only available in datadog-cdk-constructs-v2.


apiKmsKey
api_kms_key
Datadog API Key encrypted using KMS. Use this parameter in place of apiKey when flushMetricsToLogs is false or extensionLayerVersion is set, and you are using KMS encryption.


enableDatadogTracing
enable_datadog_tracing
Enable Datadog tracing on your Lambda functions. Defaults to true.


enableMergeXrayTraces
enable_merge_xray_traces
Enable merging X-Ray traces on your Lambda functions. Defaults to false.


enableDatadogLogs
enable_datadog_logs
Send Lambda function logs to Datadog via the Datadog Lambda Extension. Defaults to true. Note: This setting has no effect on logs sent via the Datadog Forwarder.


enableSourceCodeIntegration
enable_source_code_integration
Enable Datadog Source Code Integration, connecting your telemetry with application code in your Git repositories. This requires the Datadog Github integration to work, otherwise please follow the alternative method. Learn more here. Defaults to true.


injectLogContext
inject_log_context
When set, the Lambda layer will automatically patch console.log with Datadog's tracing ids. Defaults to true.


logLevel
log_level
When set to debug, the Datadog Lambda Library and Extension will log additional information to help troubleshoot issues.


env
env
When set along with extensionLayerVersion, a DD_ENV environment variable is added to all Lambda functions with the provided value. When set along with forwarderArn, an env tag is added to all Lambda functions with the provided value.


service
service
When set along with extensionLayerVersion, a DD_SERVICE environment variable is added to all Lambda functions with the provided value. When set along with forwarderArn, a service tag is added to all Lambda functions with the provided value.


version
version
When set along with extensionLayerVersion, a DD_VERSION environment variable is added to all Lambda functions with the provided value. When set along with forwarderArn, a version tag is added to all Lambda functions with the provided value.


tags
tags
A comma separated list of key:value pairs as a single string. When set along with extensionLayerVersion, a DD_TAGS environment variable is added to all Lambda functions with the provided value. When set along with forwarderArn, the cdk parses the string and sets each key:value pair as a tag to all Lambda functions.


enableColdStartTracing
enable_cold_start_tracing
Set to false to disable Cold Start Tracing. Used in Node.js and Python. Defaults to true.


coldStartTraceMinDuration
min_cold_start_trace_duration
Sets the minimum duration (in milliseconds) for a module load event to be traced via Cold Start Tracing. Number. Defaults to 3.


coldStartTraceSkipLibs
cold_start_trace_skip_libs
Optionally skip creating Cold Start Spans for a comma-separated list of libraries. Useful to limit depth or skip known libraries. Default depends on runtime.


enableProfiling
enable_profiling
Enable the Datadog Continuous Profiler with true. Supported in Beta for Node.js and Python. Defaults to false.


encodeAuthorizerContext
encode_authorizer_context
When set to true for Lambda authorizers, the tracing context will be encoded into the response for propagation. Supported for Node.js and Python. Defaults to true.


decodeAuthorizerContext
decode_authorizer_context
When set to true for Lambdas that are authorized via Lambda authorizers, it will parse and use the encoded tracing context (if found). Supported for Node.js and Python. Defaults to true.


apmFlushDeadline
apm_flush_deadline
Used to determine when to submit spans before a timeout occurs, in milliseconds. When the remaining time in an AWS Lambda invocation is less than the value set, the tracer attempts to submit the current active spans and all finished spans. Supported for Node.js and Python. Defaults to 100 milliseconds.


redirectHandler
redirect_handler
When set to false, skip redirecting handler to the Datadog Lambda Library's handler. Useful when only instrumenting with Datadog Lambda Extension. Defaults to true.



Note: Using the parameters above may override corresponding function level DD_XXX environment variables.
Tracing
Enable X-Ray Tracing on your Lambda functions. For more information, see CDK documentation.
import * as lambda from "aws-cdk-lib/aws-lambda";

const lambda_function = new lambda.Function(this, "HelloHandler", {
runtime: lambda.Runtime.NODEJS_14_X,
code: lambda.Code.fromAsset("lambda"),
handler: "hello.handler",
tracing: lambda.Tracing.ACTIVE,
});

Nested Stacks
Add the Datadog CDK Construct to each stack you wish to instrument with Datadog. In the example below, we initialize the Datadog CDK Construct and call addLambdaFunctions() in both the RootStack and NestedStack.
import { Datadog } from "datadog-cdk-constructs-v2";
import * as cdk from "aws-cdk-lib";
import { Construct } from "constructs";

class RootStack extends cdk.Stack {
constructor(scope: cdk.App, id: string, props?: cdk.StackProps) {
super(scope, id, props);
new NestedStack(this, "NestedStack");

const datadog = new Datadog(this, "Datadog", {
nodeLayerVersion: <LAYER_VERSION>,
pythonLayerVersion: <LAYER_VERSION>,
javaLayerVersion: <LAYER_VERSION>,
dotnetLayerVersion: <LAYER-VERSION>,
addLayers: <BOOLEAN>,
forwarderArn: "<FORWARDER_ARN>",
flushMetricsToLogs: <BOOLEAN>,
site: "<SITE>",
apiKey: "{Datadog_API_Key}",
apiKeySecretArn: "{Secret_ARN_Datadog_API_Key}",
apiKmsKey: "{Encrypted_Datadog_API_Key}",
enableDatadogTracing: <BOOLEAN>,
enableMergeXrayTraces: <BOOLEAN>,
enableDatadogLogs: <BOOLEAN>,
injectLogContext: <BOOLEAN>
});
datadog.addLambdaFunctions([<LAMBDA_FUNCTIONS>]);

}
}

class NestedStack extends cdk.NestedStack {
constructor(scope: Construct, id: string, props?: cdk.NestedStackProps) {
super(scope, id, props);

const datadog = new Datadog(this, "Datadog", {
nodeLayerVersion: <LAYER_VERSION>,
pythonLayerVersion: <LAYER_VERSION>,
javaLayerVersion: <LAYER_VERSION>,
dotnetLayerVersion: <LAYER-VERSION>,
addLayers: <BOOLEAN>,
forwarderArn: "<FORWARDER_ARN>",
flushMetricsToLogs: <BOOLEAN>,
site: "<SITE>",
apiKey: "{Datadog_API_Key}",
apiKeySecretArn: "{Secret_ARN_Datadog_API_Key}",
apiKmsKey: "{Encrypted_Datadog_API_Key}",
enableDatadogTracing: <BOOLEAN>,
enableMergeXrayTraces: <BOOLEAN>,
enableDatadogLogs: <BOOLEAN>,
injectLogContext: <BOOLEAN>
});
datadog.addLambdaFunctions([<LAMBDA_FUNCTIONS>]);

}
}

Tags
Add tags to your constructs. We recommend setting an env and service tag to tie Datadog telemetry together. For more information see official AWS documentation and CDK documentation.
Automatically grant AWS secret read access to Lambda execution role
Only available in datadog-cdk-constructs-v2
To automatically grant your Lambda execution roles read access to a given secret, pass in apiKeySecret in place of apiKeySecretArn when initializing the Datadog construct.
const { Secret } = require('aws-cdk-lib/aws-secretsmanager');

const secret = Secret.fromSecretPartialArn(this, 'DatadogApiKeySecret', 'arn:aws:secretsmanager:us-west-1:123:secret:DATADOG_API_KEY');

const datadog = new Datadog(this, 'Datadog', {
...
apiKeySecret: secret
...
});

When addLambdaFunctions is called, the Datadog CDK construct grants your Lambda execution roles read access to the given AWS secret. This is done through the AWS ISecret's grantRead function.
How it works
The Datadog CDK construct takes in a list of lambda functions and installs the Datadog Lambda Library by attaching the Lambda Layers for .NET, Java, Node.js, and Python to your functions. It redirects to a replacement handler that initializes the Lambda Library without any required code changes. Additional configurations added to the Datadog CDK construct will also translate into their respective environment variables under each lambda function (if applicable / required).
While Lambda function based log groups are handled by the addLambdaFunctions method automatically, the construct has an additional function addForwarderToNonLambdaLogGroups which subscribes the forwarder to any additional log groups of your choosing.
Resources to learn about CDK

CDK TypeScript Workshop
Video Introducing CDK by AWS with Demo
CDK Concepts

Using Projen
The Datadog CDK Construct Libraries use Projen to maintain project configuration files such as the package.json, .gitignore, .npmignore, etc. Most of the configuration files will be protected by Projen via read-only permissions. In order to change these files, edit the .projenrc.js file, then run npx projen to synthesize the new changes. Check out Projen for more details.
Opening Issues
If you encounter a bug with this package, we want to hear about it. Before opening a new issue, search the existing issues to avoid duplicates.
When opening an issue, include the Datadog CDK Construct version, Node version, and stack trace if available. In addition, include the steps to reproduce when appropriate.
You can also open an issue for a feature request.
Contributing
If you find an issue with this package and have a fix, please feel free to open a pull request following the procedures.
Testing
If you contribute to this package you can run the tests using yarn test. This package also includes a sample application for manual testing:

Open a seperate terminal.
Run yarn watch, this will ensure the Typescript files in the src directory are compiled to Javascript in the lib directory.
Navigate to src/sample, here you can edit index.ts to test your contributions manually.
At the root directory, run npx cdk --app lib/sample/index.js <CDK Command>, replacing <CDK Command> with common CDK commands like synth, diff, or deploy.


Note, if you receive "... is not authorized to perform: ..." you may also need to authorize the commands with your AWS credentials.

Debug Logs
To display the debug logs for this library, set the DD_CONSTRUCT_DEBUG_LOGS env var to true when running cdk synth (use --quiet to suppress generated template output).
Example:
Ensure you are at the root directory
DD_CONSTRUCT_DEBUG_LOGS=true npx cdk --app lib/sample/index.js synth --quiet

Community
For product feedback and questions, join the #serverless channel in the Datadog community on Slack.
License
Unless explicitly stated otherwise all files in this repository are licensed under the Apache License Version 2.0.
This product includes software developed at Datadog (https://www.datadoghq.com/). Copyright 2021 Datadog, Inc.

License

For personal and professional use. You cannot resell or redistribute these repositories in their original state.

Share

• Share on Facebook
• Share on Twitter