feature: upgrade the datadog integration module, exposing the latest …
…settings (#207)

feature: upgrade the datadog integration module, exposing the latest settings
marwinbaumannsbp authored Aug 8, 2024
1 parent 59f6512 commit f0f201f
Showing 3 changed files with 50 additions and 30 deletions.
8 changes: 4 additions & 4 deletions README.md
Expand Up @@ -443,9 +443,9 @@ module "landing_zone" {
| <a name="module_audit_manager_reports"></a> [audit\_manager\_reports](#module\_audit\_manager\_reports) | schubergphilis/mcaf-s3/aws | 0.12.1 |
| <a name="module_aws_config_s3"></a> [aws\_config\_s3](#module\_aws\_config\_s3) | github.com/schubergphilis/terraform-aws-mcaf-s3 | v0.8.0 |
| <a name="module_aws_sso_permission_sets"></a> [aws\_sso\_permission\_sets](#module\_aws\_sso\_permission\_sets) | ./modules/permission-set | n/a |
| <a name="module_datadog_audit"></a> [datadog\_audit](#module\_datadog\_audit) | github.com/schubergphilis/terraform-aws-mcaf-datadog | v0.3.12 |
| <a name="module_datadog_logging"></a> [datadog\_logging](#module\_datadog\_logging) | github.com/schubergphilis/terraform-aws-mcaf-datadog | v0.3.12 |
| <a name="module_datadog_master"></a> [datadog\_master](#module\_datadog\_master) | github.com/schubergphilis/terraform-aws-mcaf-datadog | v0.3.12 |
| <a name="module_datadog_audit"></a> [datadog\_audit](#module\_datadog\_audit) | github.com/schubergphilis/terraform-aws-mcaf-datadog | v0.7.0 |
| <a name="module_datadog_logging"></a> [datadog\_logging](#module\_datadog\_logging) | github.com/schubergphilis/terraform-aws-mcaf-datadog | v0.7.0 |
| <a name="module_datadog_master"></a> [datadog\_master](#module\_datadog\_master) | github.com/schubergphilis/terraform-aws-mcaf-datadog | v0.7.0 |
| <a name="module_kms_key"></a> [kms\_key](#module\_kms\_key) | github.com/schubergphilis/terraform-aws-mcaf-kms | v0.3.0 |
| <a name="module_kms_key_audit"></a> [kms\_key\_audit](#module\_kms\_key\_audit) | github.com/schubergphilis/terraform-aws-mcaf-kms | v0.3.0 |
| <a name="module_kms_key_logging"></a> [kms\_key\_logging](#module\_kms\_key\_logging) | github.com/schubergphilis/terraform-aws-mcaf-kms | v0.3.0 |
Expand Down Expand Up @@ -553,7 +553,7 @@ module "landing_zone" {
| <a name="input_aws_security_hub_sns_subscription"></a> [aws\_security\_hub\_sns\_subscription](#input\_aws\_security\_hub\_sns\_subscription) | Subscription options for the LandingZone-SecurityHubFindings SNS topic | <pre>map(object({<br> endpoint = string<br> protocol = string<br> }))</pre> | `{}` | no |
| <a name="input_aws_service_control_policies"></a> [aws\_service\_control\_policies](#input\_aws\_service\_control\_policies) | AWS SCP's parameters to disable required/denied policies, set a list of allowed AWS regions, and set principals that are exempt from the restriction | <pre>object({<br> allowed_regions = optional(list(string), [])<br> aws_deny_disabling_security_hub = optional(bool, true)<br> aws_deny_leaving_org = optional(bool, true)<br> aws_deny_root_user_ous = optional(list(string), [])<br> aws_require_imdsv2 = optional(bool, true)<br> principal_exceptions = optional(list(string), [])<br> })</pre> | `{}` | no |
| <a name="input_aws_sso_permission_sets"></a> [aws\_sso\_permission\_sets](#input\_aws\_sso\_permission\_sets) | Map of AWS IAM Identity Center permission sets with AWS accounts and group names that should be granted access to each account | <pre>map(object({<br> assignments = list(map(list(string)))<br> inline_policy = optional(string, null)<br> managed_policy_arns = optional(list(string), [])<br> session_duration = optional(string, "PT4H")<br> }))</pre> | `{}` | no |
| <a name="input_datadog"></a> [datadog](#input\_datadog) | Datadog integration options for the core accounts | <pre>object({<br> api_key = string<br> enable_integration = bool<br> install_log_forwarder = optional(bool, false)<br> log_collection_services = optional(list(string), [])<br> site_url = string<br> })</pre> | `null` | no |
| <a name="input_datadog"></a> [datadog](#input\_datadog) | Datadog integration options for the core accounts | <pre>object({<br> api_key = string<br> cspm_resource_collection_enabled = optional(bool, false)<br> enable_integration = bool<br> extended_resource_collection_enabled = optional(bool, false)<br> install_log_forwarder = optional(bool, false)<br> log_collection_services = optional(list(string), [])<br> log_forwarder_version = optional(string)<br> metric_tag_filters = optional(map(string), {})<br> namespace_rules = optional(list(string), [])<br> site_url = string<br> })</pre> | `null` | no |
| <a name="input_datadog_excluded_regions"></a> [datadog\_excluded\_regions](#input\_datadog\_excluded\_regions) | List of regions where metrics collection will be disabled. | `list(string)` | `[]` | no |
| <a name="input_kms_key_policy"></a> [kms\_key\_policy](#input\_kms\_key\_policy) | A list of valid KMS key policy JSON documents | `list(string)` | `[]` | no |
| <a name="input_kms_key_policy_audit"></a> [kms\_key\_policy\_audit](#input\_kms\_key\_policy\_audit) | A list of valid KMS key policy JSON document for use with audit KMS key | `list(string)` | `[]` | no |
57 changes: 36 additions & 21 deletions datadog.tf
Expand Up @@ -3,38 +3,53 @@ module "datadog_audit" {
count = try(var.datadog.enable_integration, false) == true ? 1 : 0
providers = { aws = aws.audit }

source = "github.com/schubergphilis/terraform-aws-mcaf-datadog?ref=v0.3.12"
api_key = try(var.datadog.api_key, null)
excluded_regions = var.datadog_excluded_regions
install_log_forwarder = var.datadog.install_log_forwarder
log_collection_services = var.datadog.log_collection_services
site_url = try(var.datadog.site_url, null)
tags = var.tags
source = "github.com/schubergphilis/terraform-aws-mcaf-datadog?ref=v0.7.0"
api_key = try(var.datadog.api_key, null)
cspm_resource_collection_enabled = var.datadog.cspm_resource_collection_enabled
excluded_regions = var.datadog_excluded_regions
extended_resource_collection_enabled = var.datadog.extended_resource_collection_enabled
install_log_forwarder = var.datadog.install_log_forwarder
log_collection_services = var.datadog.log_collection_services
log_forwarder_version = var.datadog.log_forwarder_version
metric_tag_filters = var.datadog.metric_tag_filters
namespace_rules = var.datadog.namespace_rules
site_url = try(var.datadog.site_url, null)
tags = var.tags
}

module "datadog_master" {
#checkov:skip=CKV_AWS_124: since this is managed by terraform, we reason that this already provides feedback and a seperate SNS topic is therefore not required
count = try(var.datadog.enable_integration, false) == true ? 1 : 0

source = "github.com/schubergphilis/terraform-aws-mcaf-datadog?ref=v0.3.12"
api_key = try(var.datadog.api_key, null)
excluded_regions = var.datadog_excluded_regions
install_log_forwarder = var.datadog.install_log_forwarder
log_collection_services = var.datadog.log_collection_services
site_url = try(var.datadog.site_url, null)
tags = var.tags
source = "github.com/schubergphilis/terraform-aws-mcaf-datadog?ref=v0.7.0"
api_key = try(var.datadog.api_key, null)
cspm_resource_collection_enabled = var.datadog.cspm_resource_collection_enabled
excluded_regions = var.datadog_excluded_regions
extended_resource_collection_enabled = var.datadog.extended_resource_collection_enabled
install_log_forwarder = var.datadog.install_log_forwarder
log_collection_services = var.datadog.log_collection_services
log_forwarder_version = var.datadog.log_forwarder_version
metric_tag_filters = var.datadog.metric_tag_filters
namespace_rules = var.datadog.namespace_rules
site_url = try(var.datadog.site_url, null)
tags = var.tags
}

module "datadog_logging" {
#checkov:skip=CKV_AWS_124: since this is managed by terraform, we reason that this already provides feedback and a seperate SNS topic is therefore not required
count = try(var.datadog.enable_integration, false) == true ? 1 : 0
providers = { aws = aws.logging }

source = "github.com/schubergphilis/terraform-aws-mcaf-datadog?ref=v0.3.12"
api_key = try(var.datadog.api_key, null)
excluded_regions = var.datadog_excluded_regions
install_log_forwarder = var.datadog.install_log_forwarder
log_collection_services = var.datadog.log_collection_services
site_url = try(var.datadog.site_url, null)
tags = var.tags
source = "github.com/schubergphilis/terraform-aws-mcaf-datadog?ref=v0.7.0"
api_key = try(var.datadog.api_key, null)
cspm_resource_collection_enabled = var.datadog.cspm_resource_collection_enabled
excluded_regions = var.datadog_excluded_regions
extended_resource_collection_enabled = var.datadog.extended_resource_collection_enabled
install_log_forwarder = var.datadog.install_log_forwarder
log_collection_services = var.datadog.log_collection_services
log_forwarder_version = var.datadog.log_forwarder_version
metric_tag_filters = var.datadog.metric_tag_filters
namespace_rules = var.datadog.namespace_rules
site_url = try(var.datadog.site_url, null)
tags = var.tags
}
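Review bot: The new arguments (`cspm_resource_collection_enabled`, `extended_resource_collection_enabled`, `log_forwarder_version`, `metric_tag_filters`, `namespace_rules`) are passed as bare `var.datadog.<attr>` in all three module blocks, while `api_key` and `site_url` keep `try(..., null)`; with `count` already gating every block on `var.datadog.enable_integration`, the wrappers add no protection and the mix suggests only those two attributes can be absent. Either drop the `try()` on `api_key`/`site_url` or apply it uniformly so the next maintainer does not read the inconsistency as intentional. `log_forwarder_version` is declared `optional(string)` with no default, so an unset value is forwarded as null; whether the upstream module then substitutes its own default is not visible in this diff, and a short comment on that line, `# null -> forwarder version chosen by the module; pin explicitly to avoid silent upgrades`, would make the intent clear. The `datadog_audit` block opens before the hunk (its header is above line 3 of the file), so any checkov skip or comment on it cannot be verified here.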
15 changes: 10 additions & 5 deletions variables.tf
Expand Up @@ -225,11 +225,16 @@ variable "control_tower_account_ids" {

variable "datadog" {
type = object({
api_key = string
enable_integration = bool
install_log_forwarder = optional(bool, false)
log_collection_services = optional(list(string), [])
site_url = string
api_key = string
cspm_resource_collection_enabled = optional(bool, false)
enable_integration = bool
extended_resource_collection_enabled = optional(bool, false)
install_log_forwarder = optional(bool, false)
log_collection_services = optional(list(string), [])
log_forwarder_version = optional(string)
metric_tag_filters = optional(map(string), {})
namespace_rules = optional(list(string), [])
site_url = string
})
default = null
description = "Datadog integration options for the core accounts"
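Review bot: `api_key` travels inside the `datadog` object, and the visible part of the variable (type, default, description) does not show `sensitive = true`; the declaration continues past the hunk, so if the flag is not set below, the key will appear in plan and apply output whenever any attribute of the object changes, including the new `namespace_rules` or `metric_tag_filters` values. Confirm `sensitive = true` is present on this variable, and keep in mind that Terraform still writes the value to state in clear text, so state access control matters regardless. The description `"Datadog integration options for the core accounts"` predates the new attributes; since object types carry no per-attribute documentation, it should at least say what `namespace_rules` and `metric_tag_filters` accept and that `log_forwarder_version` is forwarded unchanged when set, as the type alone does not convey this.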
