Use this Terraform module to install Datadog Serverless Monitoring for AWS Lambda.
This Terraform module wraps the aws_lambda_function resource and automatically configures your Lambda function for Datadog Serverless Monitoring by:
- Adding the Datadog Lambda layers
- Redirecting the Lambda handler
- Enabling the collection of metrics, traces, and logs to Datadog
module "lambda-datadog" {
source = "DataDog/lambda-datadog/aws"
version = "2.0.0"
filename = "example.zip"
function_name = "example-function"
role = aws_iam_role.lambda_role.arn
handler = "app.lambda_handler"
runtime = "python3.11"
memory_size = 256
environment_variables = {
"DD_API_KEY_SECRET_ARN" : "arn:aws:secretsmanager:us-east-1:000000000000:secret:example-secret"
"DD_ENV" : "dev"
"DD_SERVICE" : "example-service"
"DD_SITE": "datadoghq.com"
"DD_VERSION" : "1.0.0"
}
datadog_extension_layer_version = 67
datadog_python_layer_version = 104
}
module "lambda-datadog" {
source = "DataDog/lambda-datadog/aws"
version = "2.0.0"
filename = "example.zip"
function_name = "example-function"
role = aws_iam_role.lambda_role.arn
handler = "index.lambda_handler"
runtime = "nodejs22.x"
memory_size = 256
environment_variables = {
"DD_API_KEY_SECRET_ARN" : "arn:aws:secretsmanager:us-east-1:000000000000:secret:example-secret"
"DD_ENV" : "dev"
"DD_SERVICE" : "example-service"
"DD_SITE": "datadoghq.com"
"DD_VERSION" : "1.0.0"
}
datadog_extension_layer_version = 67
datadog_node_layer_version = 117
}
module "lambda-datadog" {
source = "DataDog/lambda-datadog/aws"
version = "2.0.0"
filename = "example.zip"
function_name = "example-function"
role = aws_iam_role.lambda_role.arn
handler = "Example::Example.Function::Handler"
runtime = "dotnet8"
memory_size = 256
environment_variables = {
"DD_API_KEY_SECRET_ARN" : "arn:aws:secretsmanager:us-east-1:000000000000:secret:example-secret"
"DD_ENV" : "dev"
"DD_SERVICE" : "example-service"
"DD_SITE": "datadoghq.com"
"DD_VERSION" : "1.0.0"
}
datadog_extension_layer_version = 67
datadog_dotnet_layer_version = 16
}
module "lambda-datadog" {
source = "DataDog/lambda-datadog/aws"
version = "2.0.0"
filename = "example.jar"
function_name = "example-function"
role = aws_iam_role.lambda_role.arn
handler = "com.example.Handler"
runtime = "java21"
memory_size = 1024
environment_variables = {
"DD_API_KEY_SECRET_ARN" : "arn:aws:secretsmanager:us-east-1:000000000000:secret:example-secret"
"DD_ENV" : "dev"
"DD_SERVICE" : "example-service"
"DD_SITE": "datadoghq.com"
"DD_VERSION" : "1.0.0"
}
datadog_extension_layer_version = 67
datadog_java_layer_version = 15
}
Arguments available in the aws_lambda_function resource are available in this Terraform module. Lambda functions created from container images are not supported by this module.
Arguments defined as blocks in the aws_lambda_function resource are redefined as variables with their nested arguments.
For example, in aws_lambda_function, environment is defined as a block with a variables argument. In this Terraform module, the value for the environment_variables is passed to the environment.variables argument in aws_lambda_function. See variables.tf for a complete list of variables in this module.
resource "aws_lambda_function" "example_lambda_function" {
function_name = "example-function"
...
environment {
variables = {
"DD_API_KEY_SECRET_ARN" : "arn:aws:secretsmanager:us-east-1:000000000000:secret:example-secret"
"DD_ENV" : "dev"
"DD_SITE": "datadoghq.com"
"DD_SERVICE" : "example-service"
"DD_VERSION" : "1.0.0"
}
}
...
}
module "lambda-datadog" {
source = "DataDog/lambda-datadog/aws"
version = "2.0.0"
function_name = "example-function"
...
environment_variables = {
"DD_API_KEY_SECRET_ARN" : "arn:aws:secretsmanager:us-east-1:000000000000:secret:example-secret"
"DD_ENV" : "dev"
"DD_SITE": "datadoghq.com"
"DD_SERVICE" : "example-service"
"DD_VERSION" : "1.0.0"
}
...
}
Use the following variables to select the versions of the Datadog Lambda layers to use. If no layer version is specified the latest version will be used.
| Variable | Description |
|---|---|
datadog_extension_layer_version |
Version of the Datadog Lambda Extension layer to install |
datadog_dotnet_layer_version |
Version of the Datadog .NET Lambda layer to install |
datadog_java_layer_version |
Version of the Datadog Java Lambda layer to install |
datadog_node_layer_version |
Version of the Datadog Node Lambda layer to install |
datadog_python_layer_version |
Version of the Datadog Python Lambda layer to install |
The default Datadog site is datadoghq.com. To use a different site set the DD_SITE environment variable to the desired destination site. See Getting Started with Datadog Sites for the available site values.
Use Environment variables to configure Datadog Serverless Monitoring. Refer to the documentation below for environment variables available in the Serverless Agent (packaged in the Extension layer) and in the Tracing libraries (packaged in the runtime layers).
- Serverless Agent Configuration
- Tracer Configuration
| Name | Version |
|---|---|
| terraform | >= 1.5.0 |
| aws | >= 5.77.0 |
| Name | Version |
|---|---|
| aws | >= 5.77.0 |
No modules.
| Name | Type |
|---|---|
| aws_lambda_function.this | resource |
| aws_region.current | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| architectures | Instruction set architecture for your Lambda function. Valid values are ["x86_64"] and ["arm64"]. | list(string) |
["x86_64"] |
no |
| code_signing_config_arn | To enable code signing for this function, specify the ARN of a code-signing configuration. A code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function. | string |
null |
no |
| datadog_extension_layer_version | Version for the Datadog Extension Layer | number |
67 |
no |
| datadog_dotnet_layer_version | Version for the Datadog .NET Layer | number |
16 |
no |
| datadog_java_layer_version | Version for the Datadog Java Layer | number |
15 |
no |
| datadog_node_layer_version | Version for the Datadog Node Layer | number |
117 |
no |
| datadog_python_layer_version | Version for the Datadog Python Layer | number |
104 |
no |
| dead_letter_config_target_arn | ARN of an SNS topic or SQS queue to notify when an invocation fails. | string |
null |
no |
| description | Description of what your Lambda Function does. | string |
null |
no |
| environment_variables | Map of environment variables that are accessible from the function code during execution. | map(string) |
{} |
no |
| ephemeral_storage_size | The amount of Ephemeral storage(/tmp) to allocate for the Lambda Function in MB. | number |
null |
no |
| file_system_config_arn | Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system. | string |
null |
no |
| file_system_config_local_mount_path | Path where the function can access the file system, starting with /mnt/. | string |
null |
no |
| filename | Path to the function's deployment package within the local filesystem. | string |
null |
no |
| function_name | Unique name for your Lambda Function. | string |
null |
no |
| handler | Function entrypoint in your code. | string |
null |
no |
| kms_key_arn | Amazon Resource Name (ARN) of the AWS Key Management Service (KMS) key that is used to encrypt environment variables. | string |
null |
no |
| layers | List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. | list(string) |
[] |
no |
| logging_config_application_log_level | For JSON structured logs, choose the detail level of the logs your application sends to CloudWatch when using supported logging libraries. | string |
null |
no |
| logging_config_log_format | Select between Text and structured JSON format for your function's logs. | string |
null |
no |
| logging_config_log_group | The CloudWatch log group your function sends logs to. | string |
null |
no |
| logging_config_system_log_level | For JSON structured logs, choose the detail level of the Lambda platform event logs sent to CloudWatch, such as ERROR, DEBUG, or INFO. | string |
null |
no |
| memory_size | Amount of memory in MB your Lambda Function can use at runtime. | number |
null |
no |
| package_type | Lambda deployment package type. | string |
null |
no |
| publish | Whether to publish creation/change as new Lambda Function Version. | bool |
null |
no |
| reserved_concurrent_executions | Amount of reserved concurrent executions for this lambda function. | number |
null |
no |
| role | Amazon Resource Name (ARN) of the function's execution role. The role provides the function's identity and access to AWS services and resources. | string |
null |
no |
| runtime | Identifier of the function's runtime. | string |
null |
no |
| s3_bucket | S3 bucket location containing the function's deployment package. | string |
null |
no |
| s3_key | S3 key of an object containing the function's deployment package. | string |
null |
no |
| s3_object_version | Object version containing the function's deployment package. | string |
null |
no |
| skip_destroy | Set to true if you do not wish the function to be deleted at destroy time, and instead just remove the function from the Terraform state. | bool |
null |
no |
| snap_start_apply_on | Conditions where snap start is enabled. | string |
null |
no |
| source_code_hash | Used to trigger updates. Must be set to a base64-encoded SHA256 hash of the package file specified with either filename or s3_key. | string |
null |
no |
| tags | Map of tags to assign to the object. | map(string) |
null |
no |
| timeout | Amount of time your Lambda Function has to run in seconds. | number |
null |
no |
| tracing_config_mode | Whether to sample and trace a subset of incoming requests with AWS X-Ray. | string |
null |
no |
| vpc_config_ipv6_allowed_for_dual_stack | Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets. | bool |
null |
no |
| vpc_config_security_group_ids | List of security group IDs associated with the Lambda function. | set(string) |
null |
no |
| vpc_config_subnet_ids | List of subnet IDs associated with the Lambda function. | set(string) |
null |
no |
| Name | Description |
|---|---|
| architectures | Instruction set architecture for your Lambda function. |
| arn | Amazon Resource Name (ARN) identifying your Lambda Function. |
| code_signing_config_arn | To enable code signing for this function, specify the ARN of a code-signing configuration. |
| dead_letter_config | ARN of an SNS topic or SQS queue to notify when an invocation fails. |
| description | Description of what your Lambda Function does. |
| environment | Map of environment variables that are accessible from the function code during execution. |
| ephemeral_storage | The amount of Ephemeral storage(/tmp) to allocate for the Lambda Function in MB. |
| file_system_config | Connection settings for an EFS file system. |
| filename | Path to the function's deployment package within the local filesystem. |
| function_name | Unique name for your Lambda Function |
| handler | Function entrypoint in your code. |
| invoke_arn | ARN to be used for invoking Lambda Function from API Gateway. |
| kms_key_arn | Amazon Resource Name (ARN) of the AWS Key Management Service (KMS) key that is used to encrypt environment variables. |
| last_modified | Date this resource was last modified. |
| layers | List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. |
| logging_config | Advanced logging settings. |
| memory_size | Amount of memory in MB your Lambda Function can use at runtime. |
| package_type | Lambda deployment package type. |
| publish | Whether to publish creation/change as new Lambda Function Version. |
| qualified_arn | ARN identifying your Lambda Function Version. |
| qualified_invoke_arn | Qualified ARN (ARN with lambda version number) to be used for invoking Lambda Function from API Gateway. |
| reserved_concurrent_executions | Amount of reserved concurrent executions for this lambda function. |
| runtime | Identifier of the function's runtime. |
| s3_bucket | S3 bucket location containing the function's deployment package. |
| s3_key | S3 key of an object containing the function's deployment package. |
| s3_object_version | Object version containing the function's deployment package. |
| signing_job_arn | ARN of the signing job. |
| signing_profile_version_arn | ARN of the signing profile version. |
| skip_destroy | Set to true if you do not wish the function to be deleted at destroy time, and instead just remove the function from the Terraform state. |
| snap_start | Snap start settings for low-latency startups. |
| source_code_hash | Used to trigger updates. Must be set to a base64-encoded SHA256 hash of the package file specified with either filename or s3_key. |
| source_code_size | Size in bytes of the function .zip file. |
| tags | Map of tags to assign to the object. |
| tags_all | A map of tags assigned to the resource, including those inherited from the provider. |
| timeout | Amount of time your Lambda Function has to run in seconds. |
| tracing_config | Tracing settings. |
| version | Latest published version of your Lambda Function. |
| vpc_config | VPC settings. |