https://github.com/rhythmictech/terraform-aws-datadog
Creates and manages a Datadog AWS integration. This module performs the necessary integrations in both Datadog and AWS and thus uses providers for each.
https://github.com/rhythmictech/terraform-aws-datadog
Last synced: 9 days ago
JSON representation
Creates and manages a Datadog AWS integration. This module performs the necessary integrations in both Datadog and AWS and thus uses providers for each.
- Host: GitHub
- URL: https://github.com/rhythmictech/terraform-aws-datadog
- Owner: rhythmictech
- License: mit
- Created: 2022-01-21T15:09:45.000Z (about 4 years ago)
- Default Branch: master
- Last Pushed: 2026-01-15T19:52:36.000Z (27 days ago)
- Last Synced: 2026-01-17T00:43:36.424Z (26 days ago)
- Language: HCL
- Homepage: https://registry.terraform.io/modules/rhythmictech/datadog/aws/latest
- Size: 194 KB
- Stars: 5
- Watchers: 0
- Forks: 1
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE
- Codeowners: .github/CODEOWNERS
- Security: securityhub.tf
Awesome Lists containing this project
README
# terraform-aws-datadog
[](https://github.com/rhythmictech/terraform-aws-datadog/actions/workflows/tflint.yaml)
[](https://github.com/rhythmictech/terraform-aws-datadog/actions/workflows/trivy.yaml)
[](https://github.com/rhythmictech/terraform-aws-datadog/actions/workflows/yamllint.yaml)
[](https://github.com/rhythmictech/terraform-aws-datadog/actions/workflows/misspell.yaml)
[](https://github.com/rhythmictech/terraform-aws-datadog/actions/workflows/pre-commit.yaml)
Creates and manages a Datadog AWS integration. This module performs the necessary integrations in both Datadog and AWS and thus uses providers for each. Supported features include:
* AWS Health event forwarding
* CloudTrail log forwarding
* Cost and Usage report configuration
* GuardDuty finding forwarding
* Main log index configuration
* RDS enhanced monitoring
* Usage anomaly detection
## Requirements
* DataDog provider
* DataDog API key
## Example
This configures a DataDog integration with the log forwarder installed and configured for Lambda only.
```hcl
provider "datadog" {
api_key = var.datadog_api_key
app_key = var.datadog_app_key
}
module "datadog" {
source = "rhythmictech/datadog/aws"
name = "datadog-integration"
install_log_forwarder = true
log_forwarder_sources = ["lambda"]
}
```
## About
By default it installs the DataDog log forwarder. Can also optionally install the RDS Enhanced metrics forwarder.
## RDS Metrics
RDS Metric Capture requires an additional Lambda. We pull that Lambda directly from the Datadog repo it is actively developed in. You can specify the version of the forwarder but the module is tested against the default version.
Example adding RDS metrics forwarding and logging:
```
import {
to = aws_cloudwatch_log_group.rds_group
id = "/aws/rds/instance/production-db/postgresql"
}
resource "aws_cloudwatch_log_group" "rds_group" {
name = "/aws/rds/instance/production-db/postgresql"
retention_in_days = 14
}
resource "aws_lambda_permission" "cloudwatch" {
statement_id = "datadog-forwarder-RDSCloudWatchLogsPermission"
action = "lambda:InvokeFunction"
function_name = reverse(split(":", module.datadog.lambda_arn_forwarder))[0]
principal = "logs.amazonaws.com"
source_arn = "arn:aws:logs:us-east-1:0123456789012:log-group:/aws/rds/instance/production-db/postgresql:*"
}
resource "aws_cloudwatch_log_subscription_filter" "rds_log_forwarding" {
name = "production-db"
log_group_name = "/aws/rds/instance/production-db/postgresql"
filter_pattern = ""
destination_arn = module.datadog.lambda_arn_forwarder
}
module "datadog" {
source = "rhythmictech/datadog/aws"
name = "datadog-integration"
enable_cspm_resource_collection = true
install_log_forwarder = true
install_rds_enhanced_monitoring_lambda = true
log_forwarder_sources = ["lambda"]
tags = local.tags
}
```
## Requirements
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | ~> 1.5 |
| [archive](#requirement\_archive) | >= 2.2.0 |
| [aws](#requirement\_aws) | >= 5.41 |
| [datadog](#requirement\_datadog) | >= 3.39 |
| [http](#requirement\_http) | >= 3.4 |
| [null](#requirement\_null) | >= 3.1.0 |
| [time](#requirement\_time) | >= 0.12 |
## Providers
| Name | Version |
|------|---------|
| [archive](#provider\_archive) | 2.7.0 |
| [aws](#provider\_aws) | 5.84.0 |
| [datadog](#provider\_datadog) | 3.53.0 |
| [http](#provider\_http) | 3.4.5 |
| [null](#provider\_null) | 3.2.3 |
| [time](#provider\_time) | 0.12.1 |
## Modules
| Name | Source | Version |
|------|--------|---------|
| [tags](#module\_tags) | rhythmictech/tags/terraform | ~> 1.1 |
## Resources
| Name | Type |
|------|------|
| [aws_cloudformation_stack.datadog_forwarder](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack) | resource |
| [aws_cloudwatch_event_rule.awshealth](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_rule) | resource |
| [aws_cloudwatch_event_rule.guardduty](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_rule) | resource |
| [aws_cloudwatch_event_rule.securityhub_to_datadog](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_rule) | resource |
| [aws_cloudwatch_event_target.awshealth](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_target) | resource |
| [aws_cloudwatch_event_target.guardduty](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_target) | resource |
| [aws_cloudwatch_event_target.securityhub_to_datadog](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_target) | resource |
| [aws_cloudwatch_log_subscription_filter.cloudwatch_logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_subscription_filter) | resource |
| [aws_cloudwatch_log_subscription_filter.rds_enhanced_monitoring](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_subscription_filter) | resource |
| [aws_cur_report_definition.cur](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cur_report_definition) | resource |
| [aws_iam_access_key.datadog](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_access_key) | resource |
| [aws_iam_policy.datadog](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
| [aws_iam_policy.datadog_cost_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
| [aws_iam_policy.rds_enhanced_monitoring](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
| [aws_iam_role.datadog](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
| [aws_iam_role.rds_enhanced_monitoring](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
| [aws_iam_role_policy_attachment.cspm](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
| [aws_iam_role_policy_attachment.datadog](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
| [aws_iam_role_policy_attachment.datadog_cost_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
| [aws_iam_role_policy_attachment.rds_enhanced_monitoring](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
| [aws_iam_user.datadog](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user) | resource |
| [aws_iam_user_policy_attachment.cspm_user](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user_policy_attachment) | resource |
| [aws_iam_user_policy_attachment.datadog](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user_policy_attachment) | resource |
| [aws_lambda_function.rds_enhanced_monitoring](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function) | resource |
| [aws_lambda_permission.awshealth_trigger](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource |
| [aws_lambda_permission.bucket_trigger](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource |
| [aws_lambda_permission.cloudwatch_logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource |
| [aws_lambda_permission.guardduty_trigger](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource |
| [aws_lambda_permission.securityhub_trigger](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource |
| [aws_s3_bucket.local_cur](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource |
| [aws_s3_bucket_lifecycle_configuration.local_cur](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_lifecycle_configuration) | resource |
| [aws_s3_bucket_notification.bucket_notification](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_notification) | resource |
| [aws_s3_bucket_policy.local_cur](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_policy) | resource |
| [aws_s3_bucket_public_access_block.local_cur](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_public_access_block) | resource |
| [aws_s3_bucket_server_side_encryption_configuration.local_cur](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_server_side_encryption_configuration) | resource |
| [aws_s3_bucket_versioning.local_cur](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_versioning) | resource |
| [aws_secretsmanager_secret.datadog](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret) | resource |
| [aws_secretsmanager_secret_version.datadog](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_version) | resource |
| [datadog_api_key.datadog](https://registry.terraform.io/providers/datadog/datadog/latest/docs/resources/api_key) | resource |
| [datadog_integration_aws.datadog](https://registry.terraform.io/providers/datadog/datadog/latest/docs/resources/integration_aws) | resource |
| [datadog_integration_aws_lambda_arn.datadog_forwarder](https://registry.terraform.io/providers/datadog/datadog/latest/docs/resources/integration_aws_lambda_arn) | resource |
| [datadog_integration_aws_log_collection.datadog_forwarder](https://registry.terraform.io/providers/datadog/datadog/latest/docs/resources/integration_aws_log_collection) | resource |
| [datadog_logs_custom_pipeline.health](https://registry.terraform.io/providers/datadog/datadog/latest/docs/resources/logs_custom_pipeline) | resource |
| [datadog_logs_index.main](https://registry.terraform.io/providers/datadog/datadog/latest/docs/resources/logs_index) | resource |
| [datadog_monitor.anomaly_usage](https://registry.terraform.io/providers/datadog/datadog/latest/docs/resources/monitor) | resource |
| [datadog_monitor.estimated_usage](https://registry.terraform.io/providers/datadog/datadog/latest/docs/resources/monitor) | resource |
| [datadog_monitor.limit_exceeded](https://registry.terraform.io/providers/datadog/datadog/latest/docs/resources/monitor) | resource |
| [null_resource.rds_enhanced_monitoring](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
| [time_sleep.wait_datadog_forwarder](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |
| [archive_file.rds_enhanced_monitoring](https://registry.terraform.io/providers/hashicorp/archive/latest/docs/data-sources/file) | data source |
| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
| [aws_iam_policy_document.assume](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.datadog_cost_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.local_cur](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.rds_enhanced_monitoring](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.rds_enhanced_monitoring_assume](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |
| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
| [http_http.rds_enhanced_monitoring](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source |
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [access\_method](#input\_access\_method) | Access method to use for Datadog integration (recommended not to change unless using GovCloud or China regions, must be either `user` or `role`) | `string` | `"role"` | no |
| [cur\_bucket\_suffix](#input\_cur\_bucket\_suffix) | Suffix to append to the CUR bucket name ([ACCOUNT\_ID]-[REGION]-[cur\_bucket\_suffix]) | `string` | `"datadog-cur-data"` | no |
| [datadog\_account\_id](#input\_datadog\_account\_id) | DataDog AWS account ID (should not need changed) | `string` | `"464622532012"` | no |
| [datadog\_site\_name](#input\_datadog\_site\_name) | DataDog site (e.g., datadoghq.com) | `string` | `"datadoghq.com"` | no |
| [enable\_cspm\_resource\_collection](#input\_enable\_cspm\_resource\_collection) | Whether Datadog collects cloud security posture management resources from your AWS account. This includes additional resources not covered under the general resource\_collection. | `bool` | `false` | no |
| [enable\_cur\_collection](#input\_enable\_cur\_collection) | Configure a Cost and Usage Reporting export (uses legacy CUR) suitable for ingestion by Datadog. This does not fully configure Datadog due to lack of Terraform support but does do everything on the AWS side to prepare for enabling cost monitoring in Datadog. | `bool` | `false` | no |
| [enable\_estimated\_usage\_detection](#input\_enable\_estimated\_usage\_detection) | Enable estimated usage anomaly and forecast monitoring | `bool` | `false` | no |
| [enable\_guardduty\_notifications](#input\_enable\_guardduty\_notifications) | Send GuardDuty notifications to Datadog (`install_log_forwarder` must be true). This routes GuardDuty events to the log forwarder. GuardDuty events can also be received as a Datadog Event through Cloud Security Monitoring. | `bool` | `true` | no |
| [enable\_health\_notifications](#input\_enable\_health\_notifications) | Send AWS health notifications to Datadog (`install_log_forwarder` must be true). This routes AWS Health events to the log forwarder. Health events can also be received as a Datadog Event through the AWS Health integration. | `bool` | `true` | no |
| [enable\_rds\_enhanced\_monitoring\_lambda](#input\_enable\_rds\_enhanced\_monitoring\_lambda) | Install the RDS Enhanced Monitoring Lambda | `bool` | `false` | no |
| [enable\_resource\_collection](#input\_enable\_resource\_collection) | Enable or disable resource collection | `bool` | `true` | no |
| [enable\_securityhub\_notifications](#input\_enable\_securityhub\_notifications) | Send Security Hub notifications to Datadog (`install_log_forwarder` must be true). This routes Security Hub events to the log forwarder. | `bool` | `false` | no |
| [estimated\_usage\_anomaly\_message](#input\_estimated\_usage\_anomaly\_message) | Message for usage anomaly alerts | `string` | `"Datadog usage anomaly detected"` | no |
| [estimated\_usage\_detection\_config](#input\_estimated\_usage\_detection\_config) | Map of usage types to monitor. | `map(any)` | `{}` | no |
| [estimated\_usage\_detection\_default\_config](#input\_estimated\_usage\_detection\_default\_config) | Map of default usage monitoring settings for each metric type. All are disabled by default.
Anomaly monitoring uses Datadog's anomaly detection feature. See https://docs.datadoghq.com/monitors/types/anomaly/ for documentation.
Estimated usage monitoring uses simple thresholds on the `estimated_usage` metric family. By default, host thresholds are by day,
as Datadog uses the peak instance count for the month on a 99th percentile basis. It may make sense to make this a shorter window,
especially if you have variable workloads. Log monitors are cumulative across the month, from the first day of the month at 00:00 UTC. |
map(object({
anomaly_enabled = bool
anomaly_span = string
anomaly_threshold = number
anomaly_window = string
anomaly_deviations = number
anomaly_seasonality = string
anomaly_rollup = number
estimated_usage_enabled = bool
estimated_usage_span = optional(string)
estimated_usage_threshold = number
})) | {
"hosts": {
"anomaly_deviations": 1,
"anomaly_enabled": false,
"anomaly_rollup": 600,
"anomaly_seasonality": "daily",
"anomaly_span": "last_1d",
"anomaly_threshold": 0.15,
"anomaly_window": "last_1h",
"estimated_usage_enabled": false,
"estimated_usage_span": "current_1d",
"estimated_usage_threshold": 1000
},
"logs_indexed": {
"anomaly_deviations": 2,
"anomaly_enabled": false,
"anomaly_rollup": 60,
"anomaly_seasonality": "hourly",
"anomaly_span": "last_1d",
"anomaly_threshold": 0.15,
"anomaly_window": "last_1h",
"estimated_usage_enabled": false,
"estimated_usage_span": "current_1mo",
"estimated_usage_threshold": 1000
},
"logs_ingested": {
"anomaly_deviations": 2,
"anomaly_enabled": false,
"anomaly_rollup": 60,
"anomaly_seasonality": "hourly",
"anomaly_span": "last_1d",
"anomaly_threshold": 0.15,
"anomaly_window": "last_1h",
"estimated_usage_enabled": false,
"estimated_usage_span": "current_1mo",
"estimated_usage_threshold": 1000
}
} | no |
| [estimated\_usage\_threshold\_message](#input\_estimated\_usage\_threshold\_message) | Message for usage threshold alerts | `string` | `"Datadog usage threshold exceeded"` | no |
| [forward\_buckets](#input\_forward\_buckets) | Bucket(s) to collect logs from (using object notifications) | `list(string)` | `[]` | no |
| [forward\_log\_groups](#input\_forward\_log\_groups) | CloudWatch Log Group names to collect logs from (using filter subscriptions) | `list(string)` | `[]` | no |
| [install\_log\_forwarder](#input\_install\_log\_forwarder) | controls whether log forwarder lambda should be installed | `bool` | `true` | no |
| [integration\_default\_namespace\_rules](#input\_integration\_default\_namespace\_rules) | Set all services to disabled by default. | `map(bool)` | {
"api_gateway": false,
"application_elb": false,
"apprunner": false,
"appstream": false,
"appsync": false,
"athena": false,
"auto_scaling": false,
"backup": false,
"bedrock": false,
"billing": false,
"budgeting": false,
"certificatemanager": false,
"cloudfront": false,
"cloudhsm": false,
"cloudsearch": false,
"cloudwatch_events": false,
"cloudwatch_logs": false,
"codebuild": false,
"codewhisperer": false,
"cognito": false,
"collect_custom_metrics": false,
"connect": false,
"crawl_alarms": false,
"directconnect": false,
"dms": false,
"documentdb": false,
"dynamodb": false,
"dynamodbaccelerator": false,
"ebs": false,
"ec2": false,
"ec2api": false,
"ec2spot": false,
"ecr": false,
"ecs": false,
"efs": false,
"elasticache": false,
"elasticbeanstalk": false,
"elasticinference": false,
"elastictranscoder": false,
"elb": false,
"emr": false,
"es": false,
"firehose": false,
"fsx": false,
"gamelift": false,
"globalaccelerator": false,
"glue": false,
"inspector": false,
"iot": false,
"keyspaces": false,
"kinesis": false,
"kinesis_analytics": false,
"kms": false,
"lambda": false,
"lex": false,
"mediaconnect": false,
"mediaconvert": false,
"medialive": false,
"mediapackage": false,
"mediastore": false,
"mediatailor": false,
"memorydb": false,
"ml": false,
"mq": false,
"msk": false,
"mwaa": false,
"nat_gateway": false,
"neptune": false,
"network_elb": false,
"networkfirewall": false,
"networkmonitor": false,
"opsworks": false,
"polly": false,
"privatelinkendpoints": false,
"privatelinkservices": false,
"rds": false,
"rdsproxy": false,
"redshift": false,
"rekognition": false,
"route53": false,
"route53resolver": false,
"s3": false,
"s3storagelens": false,
"sagemaker": false,
"sagemakerendpoints": false,
"sagemakerlabelingjobs": false,
"sagemakermodelbuildingpipeline": false,
"sagemakerprocessingjobs": false,
"sagemakertrainingjobs": false,
"sagemakertransformjobs": false,
"sagemakerworkteam": false,
"service_quotas": false,
"ses": false,
"shield": false,
"sns": false,
"sqs": false,
"step_functions": false,
"storage_gateway": false,
"swf": false,
"textract": false,
"transitgateway": false,
"translate": false,
"trusted_advisor": false,
"usage": false,
"vpn": false,
"waf": false,
"wafv2": false,
"workspaces": false,
"xray": false
} | no |
| [integration\_excluded\_regions](#input\_integration\_excluded\_regions) | Regions to exclude from DataDog monitoring | `list(string)` | `[]` | no |
| [integration\_filter\_tags](#input\_integration\_filter\_tags) | Tags to filter EC2 instances on (see https://registry.terraform.io/providers/DataDog/datadog/latest/docs/resources/integration_aws) | `list(string)` | `[]` | no |
| [integration\_host\_tags](#input\_integration\_host\_tags) | Tags to apply to instances (see https://registry.terraform.io/providers/DataDog/datadog/latest/docs/resources/integration_aws) | `list(string)` | `[]` | no |
| [integration\_namespace\_rules](#input\_integration\_namespace\_rules) | Map of AWS services to allow in the integration. Defaults to none. | `map(bool)` | `{}` | no |
| [log\_forwarder\_sources](#input\_log\_forwarder\_sources) | List of services to automatically ingest all logs from (see https://docs.datadoghq.com/api/latest/aws-logs-integration/#get-list-of-aws-log-ready-services) | `list(string)` | `[]` | no |
| [log\_limit\_exceeded\_message](#input\_log\_limit\_exceeded\_message) | Message for log limit warning alerts (alert suppressed if null) | `string` | `null` | no |
| [logs\_main\_index\_daily\_limit](#input\_logs\_main\_index\_daily\_limit) | Daily log limit for the main index (only used if `logs_manage_main_index == true`) | `number` | `null` | no |
| [logs\_main\_index\_daily\_limit\_reset\_offset](#input\_logs\_main\_index\_daily\_limit\_reset\_offset) | The reset time timezone offset for the daily limit of the main logs index (specify as +HH:MM or -HH:MM) | `string` | `"+00:00"` | no |
| [logs\_main\_index\_daily\_limit\_reset\_time](#input\_logs\_main\_index\_daily\_limit\_reset\_time) | The reset time for the daily limit of the main logs index (specify as HH:MM) | `string` | `"00:00"` | no |
| [logs\_main\_index\_daily\_limit\_warn\_threshold](#input\_logs\_main\_index\_daily\_limit\_warn\_threshold) | Warning threshold for daily log volume for the main index (only used if `logs_manage_main_index == true`) | `number` | `0.9` | no |
| [logs\_main\_index\_exclusion\_filters](#input\_logs\_main\_index\_exclusion\_filters) | A list of maps defining exclusion filters for the main index | list(object({
name = string
is_enabled = bool
filter = object({
query = string
sample_rate = number
})
})) | `[]` | no |
| [logs\_main\_index\_retention\_days](#input\_logs\_main\_index\_retention\_days) | The number of days to retain logs in the main index (only used if `logs_manage_main_index == true`) | `number` | `15` | no |
| [logs\_manage\_main\_index](#input\_logs\_manage\_main\_index) | A boolean flag to manage the main Datadog logs index | `bool` | `false` | no |
| [name](#input\_name) | Moniker to apply to all resources in the module | `string` | n/a | yes |
| [rds\_enhanced\_monitoring\_forwarder\_version](#input\_rds\_enhanced\_monitoring\_forwarder\_version) | Version of the Datadog RDS enhanced monitoring lambda to use (module is only tested against the default version) | `string` | `"3.103.0"` | no |
| [renotify\_interval](#input\_renotify\_interval) | Renotify interval for all alerts (set to null to disable) | `number` | `30` | no |
| [renotify\_statuses](#input\_renotify\_statuses) | Renotify statuses for all alerts (not used if `renotify_interval` is null) | `list(string)` | [
"alert"
]
| no |
| [tags](#input\_tags) | User-Defined tags | `map(string)` | `{}` | no |
| [use\_full\_permissions](#input\_use\_full\_permissions) | Controls whether DataDog is given full permissions or core permissions. Generally you want full. | `bool` | `true` | no |
## Outputs
| Name | Description |
|------|-------------|
| [iam\_role\_datadog](#output\_iam\_role\_datadog) | IAM role assumed by Datadog resources |
| [iam\_user\_datadog](#output\_iam\_user\_datadog) | IAM user accessed by Datadog resources (when `access_method == user`) |
| [lambda\_arn\_forwarder](#output\_lambda\_arn\_forwarder) | DataDog Lambda Forwarder ARN |