DataDog
diff --git a/‎content/en/security/application_security/setup/aws/lambda/dotnet.md‎
Lines changed: 66 additions & 48 deletions b/‎content/en/security/application_security/setup/aws/lambda/dotnet.md‎
Lines changed: 66 additions & 48 deletions
diff --git a/‎content/en/security/application_security/setup/aws/lambda/go.md‎
Lines changed: 20 additions & 24 deletions b/‎content/en/security/application_security/setup/aws/lambda/go.md‎
Lines changed: 20 additions & 24 deletions
@@ -21,7 +21,7 @@ further_reading:
 Configuring App and API Protection (AAP) for AWS Lambda involves:
 
 1. Identifying functions that are vulnerable or are under attack, which would most benefit from AAP. Find them on [the Security tab of your Software Catalog][1].
-2. Setting up AAP instrumentation by using either the [Datadog CLI](https://docs.datadoghq.com/serverless/serverless_integrations/cli), [AWS CDK](https://github.com/DataDog/datadog-cdk-constructs), [Datadog Serverless Framework plugin][7], or manually by using the Datadog tracing layers.
+2. Setting up AAP instrumentation by using either the [Datadog CLI](https://docs.datadoghq.com/serverless/serverless_integrations/cli), [AWS CDK](https://github.com/DataDog/datadog-cdk-constructs), [Datadog Serverless Framework plugin][2], or manually by using the Datadog tracing layers.
 3. Triggering security signals in your application and seeing how Datadog displays the resulting information.
 
 ## Prerequisites
@@ -31,7 +31,7 @@ Configuring App and API Protection (AAP) for AWS Lambda involves:
 
 ## Compatibility
 
-**Note**: Threat Protection through Remote Configuration is not supported. Use [Workflows][5] to block IPs in your [WAF][6].
+**Note**: Threat Protection through Remote Configuration is not supported. Use [Workflows][3] to block IPs in your [WAF][4].
 
 ## Supported trigger types
 Threat Detection supports HTTP requests as function input only, as that channel has the highest likelihood of attackers exploiting a serverless application. HTTP requests typically come from AWS services such as:
@@ -48,7 +48,7 @@ Threat Detection supports HTTP requests as function input only, as that channel
 {{< tabs >}}
 {{% tab "Serverless Framework" %}}
 
-The [Datadog Serverless Framework plugin][7] can be used to automatically configure and deploy your lambda with AAP.
+The [Datadog Serverless Framework plugin][2] can be used to automatically configure and deploy your lambda with AAP.
 
 To install and configure the Datadog Serverless Framework plugin:
 
@@ -72,9 +72,9 @@ To install and configure the Datadog Serverless Framework plugin:
        enableDDTracing: true
        enableASM: true
    ```
-   See also the complete list of [plugin parameters][9] to further configure your lambda settings.
+   See also the complete list of [plugin parameters][5] to further configure your lambda settings.
 
-4. Redeploy the function and invoke it. After a few minutes, it appears in [AAP views][3].
+4. Redeploy the function and invoke it. After a few minutes, it appears in [AAP views][6].
 
 {{% /tab %}}
 {{% tab "Datadog CLI" %}}
@@ -97,7 +97,7 @@ The Datadog CLI modifies existing Lambda function configurations to enable instr
 
 3. Configure the AWS credentials:
 
-    Datadog CLI requires access to the AWS Lambda service, and depends on the AWS JavaScript SDK to [resolve the credentials][10]. Ensure your AWS credentials are configured using the same method you would use when invoking the AWS CLI.
+    Datadog CLI requires access to the AWS Lambda service, and depends on the AWS JavaScript SDK to [resolve the credentials][7]. Ensure your AWS credentials are configured using the same method you would use when invoking the AWS CLI.
 
 4. Configure the Datadog site:
 
@@ -136,12 +136,12 @@ The Datadog CLI modifies existing Lambda function configurations to enable instr
 
    **Note**: Instrument your Lambda functions in a development or staging environment first. If the instrumentation result is unsatisfactory, run `uninstrument` with the same arguments to revert the changes.
 
-    Additional parameters can be found in the [CLI documentation][11].
+    Additional parameters can be found in the [CLI documentation][8].
 
 {{% /tab %}}
 {{% tab "AWS CDK" %}}
 
-The [Datadog CDK Construct][12] automatically installs Datadog on your functions using Lambda Layers, and configures your functions to send metrics, traces, and logs to Datadog through the Datadog Lambda Extension.
+The [Datadog CDK Construct][9] automatically installs Datadog on your functions using Lambda Layers, and configures your functions to send metrics, traces, and logs to Datadog through the Datadog Lambda Extension.
 
 1. Install the Datadog CDK constructs library:
 
@@ -175,47 +175,67 @@ The [Datadog CDK Construct][12] automatically installs Datadog on your functions
 
     To fill in the placeholders:
     - Replace `<DATADOG_SITE>` with {{< region-param key="dd_site" code="true" >}} (ensure the correct SITE is selected on the right).
-    - Replace `<DATADOG_API_KEY_SECRET_ARN>` with the ARN of the AWS secret where your [Datadog API key][13] is securely stored. The key needs to be stored as a plaintext string (not a JSON blob). The `secretsmanager:GetSecretValue` permission is required. For quick testing, you can use `apiKey` instead and set the Datadog API key in plaintext.
+    - Replace `<DATADOG_API_KEY_SECRET_ARN>` with the ARN of the AWS secret where your [Datadog API key][10] is securely stored. The key needs to be stored as a plaintext string (not a JSON blob). The `secretsmanager:GetSecretValue` permission is required. For quick testing, you can use `apiKey` instead and set the Datadog API key in plaintext.
 
-    More information and additional parameters can be found on the [Datadog CDK documentation][12].
+    More information and additional parameters can be found on the [Datadog CDK documentation][9].
 
 {{% /tab %}}
 {{% tab "Custom" %}}
 
-1. Install the Datadog tracer by configuring the layer ARN that matches your deployment. Replace `<AWS_REGION>` with a valid AWS region such as `us-east-1`:
-   ```sh
-   # x86-based Lambda in AWS commercial regions
-   arn:aws:lambda:<AWS_REGION>:464622532012:layer:dd-trace-dotnet:{{< latest-lambda-layer-version layer="dd-trace-dotnet" >}}
-   # arm64-based Lambda in AWS commercial regions
-   arn:aws:lambda:<AWS_REGION>:464622532012:layer:dd-trace-dotnet-ARM:{{< latest-lambda-layer-version layer="dd-trace-dotnet" >}}
-   # x86-based Lambda in AWS GovCloud regions
-   arn:aws-us-gov:lambda:<AWS_REGION>:002406178527:layer:dd-trace-dotnet:{{< latest-lambda-layer-version layer="dd-trace-dotnet" >}}
-   # arm64-based Lambda in AWS GovCloud regions
-   arn:aws-us-gov:lambda:<AWS_REGION>:002406178527:layer:dd-trace-dotnet-ARM:{{< latest-lambda-layer-version layer="dd-trace-dotnet" >}}
-   ```
+1. Install the Datadog Tracer
 
-2. Install the Datadog Lambda Extension by configuring the layers for your Lambda function using the ARN in one of the following formats. Replace `<AWS_REGION>` with a valid AWS region such as `us-east-1`:
-   ```sh
-   # x86-based Lambda in AWS commercial regions
-   arn:aws:lambda:<AWS_REGION>:464622532012:layer:Datadog-Extension:{{< latest-lambda-layer-version layer="extension" >}}
-   # arm64-based Lambda in AWS commercial regions
-   arn:aws:lambda:<AWS_REGION>:464622532012:layer:Datadog-Extension-ARM:{{< latest-lambda-layer-version layer="extension" >}}
-   # x86-based Lambda in AWS GovCloud regions
-   arn:aws-us-gov:lambda:<AWS_REGION>:002406178527:layer:Datadog-Extension:{{< latest-lambda-layer-version layer="extension" >}}
-   # arm64-based Lambda in AWS GovCloud regions
-   arn:aws-us-gov:lambda:<AWS_REGION>:002406178527:layer:Datadog-Extension-ARM:{{< latest-lambda-layer-version layer="extension" >}}
-   ```
+    [Configure the layers][11] for your Lambda function using the ARN in the following format:
+
+    ```sh
+    # Use this format for x86-based Lambda deployed in AWS commercial regions
+    arn:aws:lambda:<AWS_REGION>:464622532012:layer:dd-trace-dotnet:{{< latest-lambda-layer-version layer="dd-trace-dotnet" >}}
+
+    # Use this format for arm64-based Lambda deployed in AWS commercial regions
+    arn:aws:lambda:<AWS_REGION>:464622532012:layer:dd-trace-dotnet-ARM:{{< latest-lambda-layer-version layer="dd-trace-dotnet" >}}
+
+    # Use this format for x86-based Lambda deployed in AWS GovCloud regions
+    arn:aws-us-gov:lambda:<AWS_REGION>:002406178527:layer:dd-trace-dotnet:{{< latest-lambda-layer-version layer="dd-trace-dotnet" >}}
+
+    # Use this format for arm64-based Lambda deployed in AWS GovCloud regions
+    arn:aws-us-gov:lambda:<AWS_REGION>:002406178527:layer:dd-trace-dotnet-ARM:{{< latest-lambda-layer-version layer="dd-trace-dotnet" >}}
+    ```
+
+    Replace `<AWS_REGION>` with a valid AWS region, such as `us-east-1`.
+
+2. Install the Datadog Lambda Extension
 
-3. Enable AAP by adding the following environment variables on your function deployment:
+    [Configure the layers][11] for your Lambda function using the ARN in the following format:
+
+    ```sh
+    # Use this format for x86-based Lambda deployed in AWS commercial regions
+    arn:aws:lambda:<AWS_REGION>:464622532012:layer:Datadog-Extension:{{< latest-lambda-layer-version layer="extension" >}}
+
+    # Use this format for arm64-based Lambda deployed in AWS commercial regions
+    arn:aws:lambda:<AWS_REGION>:464622532012:layer:Datadog-Extension-ARM:{{< latest-lambda-layer-version layer="extension" >}}
+
+    # Use this format for x86-based Lambda deployed in AWS GovCloud regions
+    arn:aws-us-gov:lambda:<AWS_REGION>:002406178527:layer:Datadog-Extension:{{< latest-lambda-layer-version layer="extension" >}}
+
+    # Use this format for arm64-based Lambda deployed in AWS GovCloud regions
+    arn:aws-us-gov:lambda:<AWS_REGION>:002406178527:layer:Datadog-Extension-ARM:{{< latest-lambda-layer-version layer="extension" >}}
+    ```
+
+    Replace `<AWS_REGION>` with a valid AWS region, such as `us-east-1`.
+
+3. Set the required environment variables
+
+    - Set `AWS_LAMBDA_EXEC_WRAPPER` to `/opt/datadog_wrapper`.
+    - Set `DD_SITE` to {{< region-param key="dd_site" code="true" >}} (ensure the correct SITE is selected on the right).
+    - Set `DD_API_KEY_SECRET_ARN` to the ARN of the AWS secret where your [Datadog API key][10] is securely stored. The key needs to be stored as a plaintext string (not a JSON blob). The `secretsmanager:GetSecretValue` permission is required. For quick testing, you can use `DD_API_KEY` instead and set the Datadog API key in plaintext.
+
+4. Enable AAP by adding the following environment variables on your function deployment:
    ```yaml
    environment:
      AWS_LAMBDA_EXEC_WRAPPER: /opt/datadog_wrapper
      DD_SERVERLESS_APPSEC_ENABLED: true
    ```
 
-4. Redeploy the function and invoke it. After a few minutes, it appears in [AAP views][3].
-
-[15]: https://docs.aws.amazon.com/lambda/latest/dg/configuration-layers.html
+5. Redeploy the function and invoke it. After a few minutes, it appears in [AAP views][6].
 
 {{% /tab %}}
 {{< /tabs >}}
@@ -225,16 +245,14 @@ The [Datadog CDK Construct][12] automatically installs Datadog on your functions
 {{< partial name="whats-next/whats-next.html" >}}
 
 [1]: https://app.datadoghq.com/services?query=type%3Afunction%20&env=prod&groupBy=&hostGroup=%2A&lens=Security&sort=-attackExposure&view=list
-[2]: /serverless/distributed_tracing/
-[3]: https://app.datadoghq.com/security/appsec?column=time&order=desc
-[5]: /actions/workflows/
-[6]: /security/application_security/waf-integration/
-[7]: https://docs.datadoghq.com/serverless/serverless_integrations/plugin
-[8]: https://docs.datadoghq.com/serverless/libraries_integrations/extension
-[9]: https://docs.datadoghq.com/serverless/libraries_integrations/plugin/#configuration-parameters
-[10]: https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/setting-credentials-node.html
-[11]: https://docs.datadoghq.com/serverless/serverless_integrations/cli
-[12]: https://github.com/DataDog/datadog-cdk-constructs
-[13]: https://app.datadoghq.com/organization-settings/api-keys
-[15]: https://docs.aws.amazon.com/lambda/latest/dg/configuration-layers.html
+[2]: https://docs.datadoghq.com/serverless/serverless_integrations/plugin
+[3]: /actions/workflows/
+[4]: /security/application_security/waf-integration/
+[5]: https://docs.datadoghq.com/serverless/libraries_integrations/plugin/#configuration-parameters
+[6]: https://app.datadoghq.com/security/appsec?column=time&order=desc
+[7]: https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/setting-credentials-node.html
+[8]: https://docs.datadoghq.com/serverless/serverless_integrations/cli
+[9]: https://github.com/DataDog/datadog-cdk-constructs
+[10]: https://app.datadoghq.com/organization-settings/api-keys
+[11]: https://docs.aws.amazon.com/lambda/latest/dg/configuration-layers.html
 [apm-lambda-tracing-setup]: https://docs.datadoghq.com/serverless/aws_lambda/distributed_tracing/
@@ -21,7 +21,7 @@ further_reading:
 Configuring App and API Protection (AAP) for AWS Lambda involves:
 
 1. Identifying functions that are vulnerable or are under attack, which would most benefit from AAP. Find them on [the Security tab of your Software Catalog][1].
-2. Setting up AAP instrumentation by using either the [Datadog CLI](https://docs.datadoghq.com/serverless/serverless_integrations/cli), [AWS CDK](https://github.com/DataDog/datadog-cdk-constructs), [Datadog Serverless Framework plugin][7], or manually by using the Datadog tracing layers.
+2. Setting up AAP instrumentation by using either the [Datadog CLI](https://docs.datadoghq.com/serverless/serverless_integrations/cli), [AWS CDK](https://github.com/DataDog/datadog-cdk-constructs), [Datadog Serverless Framework plugin][2], or manually by using the Datadog tracing layers.
 3. Triggering security signals in your application and seeing how Datadog displays the resulting information.
 
 ## Prerequisites
@@ -31,7 +31,7 @@ Configuring App and API Protection (AAP) for AWS Lambda involves:
 
 ## Compatibility
 
-**Note**: Threat Protection through Remote Configuration is not supported. Use [Workflows][5] to block IPs in your [WAF][6].
+**Note**: Threat Protection through Remote Configuration is not supported. Use [Workflows][3] to block IPs in your [WAF][4].
 
 The Datadog Go tracer is distributed as a Go module rather than a Lambda layer. Ensure your functions vendor the latest `github.com/DataDog/datadog-lambda-go` release when enabling AAP.
 
@@ -50,7 +50,7 @@ Threat Detection supports HTTP requests as function input only, as that channel
 {{< tabs >}}
 {{% tab "Serverless Framework" %}}
 
-The [Datadog Serverless Framework plugin][7] can be used to automatically configure and deploy your lambda with AAP.
+The [Datadog Serverless Framework plugin][2] can be used to automatically configure and deploy your lambda with AAP.
 
 To install and configure the Datadog Serverless Framework plugin:
 
@@ -74,9 +74,9 @@ To install and configure the Datadog Serverless Framework plugin:
        enableDDTracing: true
        enableASM: true
    ```
-   See also the complete list of [plugin parameters][9] to further configure your lambda settings.
+   See also the complete list of [plugin parameters][5] to further configure your lambda settings.
 
-4. Redeploy the function and invoke it. After a few minutes, it appears in [AAP views][3].
+4. Redeploy the function and invoke it. After a few minutes, it appears in [AAP views][6].
 
 {{% /tab %}}
 {{% tab "Datadog CLI" %}}
@@ -99,7 +99,7 @@ The Datadog CLI modifies existing Lambda function configurations to enable instr
 
 3. Configure the AWS credentials:
 
-    Datadog CLI requires access to the AWS Lambda service, and depends on the AWS JavaScript SDK to [resolve the credentials][10]. Ensure your AWS credentials are configured using the same method you would use when invoking the AWS CLI.
+    Datadog CLI requires access to the AWS Lambda service, and depends on the AWS JavaScript SDK to [resolve the credentials][7]. Ensure your AWS credentials are configured using the same method you would use when invoking the AWS CLI.
 
 4. Configure the Datadog site:
 
@@ -138,12 +138,12 @@ The Datadog CLI modifies existing Lambda function configurations to enable instr
 
    **Note**: Instrument your Lambda functions in a development or staging environment first. If the instrumentation result is unsatisfactory, run `uninstrument` with the same arguments to revert the changes. After the CLI completes, update your source code to depend on the latest `datadog-lambda-go` module release to enable App and API Protection.
 
-    Additional parameters can be found in the [CLI documentation][11].
+    Additional parameters can be found in the [CLI documentation][8].
 
 {{% /tab %}}
 {{% tab "AWS CDK" %}}
 
-The [Datadog CDK Construct][12] automatically installs Datadog on your functions using Lambda Layers, and configures your functions to send metrics, traces, and logs to Datadog through the Datadog Lambda Extension.
+The [Datadog CDK Construct][9] automatically installs Datadog on your functions using Lambda Layers, and configures your functions to send metrics, traces, and logs to Datadog through the Datadog Lambda Extension.
 
 1. Install the Datadog CDK constructs library:
 
@@ -176,9 +176,9 @@ The [Datadog CDK Construct][12] automatically installs Datadog on your functions
 
     To fill in the placeholders:
     - Replace `<DATADOG_SITE>` with {{< region-param key="dd_site" code="true" >}} (ensure the correct SITE is selected on the right).
-    - Replace `<DATADOG_API_KEY_SECRET_ARN>` with the ARN of the AWS secret where your [Datadog API key][13] is securely stored. The key needs to be stored as a plaintext string (not a JSON blob). The `secretsmanager:GetSecretValue` permission is required. For quick testing, you can use `apiKey` instead and set the Datadog API key in plaintext.
+    - Replace `<DATADOG_API_KEY_SECRET_ARN>` with the ARN of the AWS secret where your [Datadog API key][10] is securely stored. The key needs to be stored as a plaintext string (not a JSON blob). The `secretsmanager:GetSecretValue` permission is required. For quick testing, you can use `apiKey` instead and set the Datadog API key in plaintext.
 
-    More information and additional parameters can be found on the [Datadog CDK documentation][12].
+    More information and additional parameters can be found on the [Datadog CDK documentation][9].
 
 {{% /tab %}}
 {{% tab "Custom" %}}
@@ -207,9 +207,8 @@ The [Datadog CDK Construct][12] automatically installs Datadog on your functions
      DD_SERVERLESS_APPSEC_ENABLED: true
    ```
 
-4. Redeploy the function and invoke it. After a few minutes, it appears in [AAP views][3].
+4. Redeploy the function and invoke it. After a few minutes, it appears in [AAP views][6].
 
-[15]: https://docs.aws.amazon.com/lambda/latest/dg/configuration-layers.html
 
 {{% /tab %}}
 {{< /tabs >}}
@@ -219,16 +218,13 @@ The [Datadog CDK Construct][12] automatically installs Datadog on your functions
 {{< partial name="whats-next/whats-next.html" >}}
 
 [1]: https://app.datadoghq.com/services?query=type%3Afunction%20&env=prod&groupBy=&hostGroup=%2A&lens=Security&sort=-attackExposure&view=list
-[2]: /serverless/distributed_tracing/
-[3]: https://app.datadoghq.com/security/appsec?column=time&order=desc
-[5]: /actions/workflows/
-[6]: /security/application_security/waf-integration/
-[7]: https://docs.datadoghq.com/serverless/serverless_integrations/plugin
-[8]: https://docs.datadoghq.com/serverless/libraries_integrations/extension
-[9]: https://docs.datadoghq.com/serverless/libraries_integrations/plugin/#configuration-parameters
-[10]: https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/setting-credentials-node.html
-[11]: https://docs.datadoghq.com/serverless/serverless_integrations/cli
-[12]: https://github.com/DataDog/datadog-cdk-constructs
-[13]: https://app.datadoghq.com/organization-settings/api-keys
-[15]: https://docs.aws.amazon.com/lambda/latest/dg/configuration-layers.html
+[2]: https://docs.datadoghq.com/serverless/serverless_integrations/plugin
+[3]: /actions/workflows/
+[4]: /security/application_security/waf-integration/
+[5]: https://docs.datadoghq.com/serverless/libraries_integrations/plugin/#configuration-parameters
+[6]: https://app.datadoghq.com/security/appsec?column=time&order=desc
+[7]: https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/setting-credentials-node.html
+[8]: https://docs.datadoghq.com/serverless/serverless_integrations/cli
+[9]: https://github.com/DataDog/datadog-cdk-constructs
+[10]: https://app.datadoghq.com/organization-settings/api-keys
 [apm-lambda-tracing-setup]: https://docs.datadoghq.com/serverless/aws_lambda/distributed_tracing/