architectures |
Instruction set architecture for your Lambda function. Valid values are ["x86_64"] and ["arm64"]. Default is ["x86_64"] |
list(string) |
[ "x86_64" ] |
no |
create |
Controls whether the forwarder resources should be created |
bool |
true |
no |
create_role |
Controls whether an IAM role is created for the forwarder |
bool |
true |
no |
create_role_policy |
Controls whether an IAM role policy is created for the forwarder |
bool |
true |
no |
dd_api_key_secret_arn |
The ARN of the Secrets Manager secret storing the Datadog API key, if you already have it stored in Secrets Manager |
string |
"" |
no |
dd_app_key |
The Datadog application key associated with the user account that created it, which can be found on the APIs page. Treat it as a secret: supply it from a secure source rather than committing it in plain text |
string |
"" |
no |
dd_site |
The Datadog site to send data to. For the Datadog EU site, set to datadoghq.eu |
string |
"datadoghq.com" |
no |
environment_variables |
A map of environment variables for the forwarder lambda function |
map(string) |
{} |
no |
forwarder_version |
Version of the forwarder used for VPC flow log monitoring - see https://github.com/DataDog/datadog-serverless-functions/releases |
string |
"3.130.0" |
no |
kms_alias |
Alias of KMS key used to encrypt the Datadog API keys - must start with alias/ |
string |
n/a |
yes |
kms_key_arn |
KMS key that is used to encrypt environment variables. If this configuration is not provided when environment variables are in use, AWS Lambda uses a default service key |
string |
null |
no |
lambda_tags |
A map of tags to apply to the forwarder lambda function |
map(string) |
{} |
no |
layers |
List of Lambda Layer Version ARNs (maximum of 5) to attach to the forwarder lambda |
list(string) |
[] |
no |
log_kms_key_id |
The AWS KMS Key ARN to use for CloudWatch log group encryption |
string |
null |
no |
log_retention_days |
Forwarder CloudWatch log group retention in days |
number |
7 |
no |
memory_size |
Memory size for the forwarder lambda function |
number |
256 |
no |
name |
Forwarder lambda name |
string |
"datadog-vpc-flow-log-forwarder" |
no |
policy_arn |
IAM policy ARN for the forwarder Lambda function to use |
string |
null |
no |
policy_name |
Forwarder policy name |
string |
"" |
no |
policy_path |
Forwarder policy path |
string |
null |
no |
publish |
Whether to publish creation/change as a new Lambda Function Version |
bool |
false |
no |
read_cloudwatch_logs |
Whether the forwarder will read CloudWatch log groups for VPC flow logs |
bool |
false |
no |
reserved_concurrent_executions |
The number of reserved concurrent executions for the forwarder Lambda function |
number |
10 |
no |
role_arn |
IAM role ARN for the forwarder Lambda function to use |
string |
null |
no |
role_max_session_duration |
The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours |
number |
null |
no |
role_name |
Forwarder role name |
string |
"" |
no |
role_path |
Forwarder role path |
string |
null |
no |
role_permissions_boundary |
The ARN of the policy that is used to set the permissions boundary for the forwarder role |
string |
null |
no |
role_tags |
A map of tags to apply to the forwarder role |
map(string) |
{} |
no |
runtime |
Lambda function runtime |
string |
"python3.11" |
no |
s3_log_bucket_arns |
S3 log buckets for forwarder to read and forward VPC flow logs to Datadog |
list(string) |
[] |
no |
security_group_ids |
List of security group IDs to use when the Lambda function should run in the VPC |
list(string) |
null |
no |
subnet_ids |
List of subnet IDs to use when the Lambda function should run in the VPC. Usually private or intra subnets |
list(string) |
null |
no |
tags |
A map of tags to use on all resources |
map(string) |
{} |
no |
timeout |
The amount of time, in seconds, that the forwarder Lambda has to execute |
number |
10 |
no |
use_policy_name_prefix |
Whether to use a unique name beginning with the specified policy_name for the forwarder policy |
bool |
false |
no |
use_role_name_prefix |
Whether to use a unique name beginning with the specified role_name for the forwarder role |
bool |
false |
no |