惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

D
Docker
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
C
Cisco Blogs
Scott Helme
Scott Helme
Know Your Adversary
Know Your Adversary
NISL@THU
NISL@THU
C
Cyber Attacks, Cyber Crime and Cyber Security
D
Darknet – Hacking Tools, Hacker News & Cyber Security
C
CXSECURITY Database RSS Feed - CXSecurity.com
S
Schneier on Security
I
Intezer
Spread Privacy
Spread Privacy
AWS News Blog
AWS News Blog
V
Vulnerabilities – Threatpost
Cloudbric
Cloudbric
V2EX - 技术
V2EX - 技术
Google Online Security Blog
Google Online Security Blog
L
Lohrmann on Cybersecurity
Recent Commits to openclaw:main
Recent Commits to openclaw:main
L
LINUX DO - 热门话题
S
Secure Thoughts
T
The Exploit Database - CXSecurity.com
博客园 - 【当耐特】
Recent Announcements
Recent Announcements
Security Archives - TechRepublic
Security Archives - TechRepublic
Stack Overflow Blog
Stack Overflow Blog
罗磊的独立博客
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
K
Kaspersky official blog
阮一峰的网络日志
阮一峰的网络日志
博客园_首页
Latest news
Latest news
B
Blog
F
Full Disclosure
大猫的无限游戏
大猫的无限游戏
博客园 - 叶小钗
L
LangChain Blog
GbyAI
GbyAI
Last Week in AI
Last Week in AI
S
Security Affairs
Apple Machine Learning Research
Apple Machine Learning Research
N
Netflix TechBlog - Medium
Security Latest
Security Latest
Vercel News
Vercel News
Y
Y Combinator Blog
G
GRAHAM CLULEY
S
Securelist
T
Troy Hunt's Blog
Hacker News - Newest:
Hacker News - Newest: "LLM"
雷峰网
雷峰网

Datadog | The Monitor blog

Introducing our open source AI-native SAST Instrument and monitor Boomi integration flows with OpenTelemetry and Datadog Not all index scans are equal: How we cut query latency by over 99% Platform engineering metrics: What to measure and what to ignore Integrate Recorded Future threat intelligence with Datadog Cloud SIEM CI/CD security: threat modeling using a MITRE-style threat matrix CI/CD security: How to secure your GitHub ecosystem Ingress NGINX is EOL: A practical guide for migrating to Kubernetes Gateway API Operating agentic AI with Amazon Bedrock AgentCore and Datadog LLM Observability: Lessons from NTT DATA Introducing the Datadog Code Security MCP Capture and analyze custom heatmaps in Session Replay Understand session replays faster with AI summaries and smart chapters Monitor ClickHouse query performance with Datadog Database Monitoring How we designed empathetic alert sounds for on-call engineers Search and act across Datadog to resolve issues faster with Bits Assistant Measure the business impact of every product change with Datadog Experiments Analyzing round trip query latency Configuring JavaScript caches for better performance Introducing Bits AI Dev Agent for Code Security Datadog achieves ISO 42001 certification for responsible AI Monitor Nutanix clusters, hosts, and VMs with Datadog Monitor Juniper Mist in Datadog A new Host Map for modern infrastructure Annotate traces to improve LLM quality with Datadog LLM Observability What’s new in Cloud SIEM: AI-powered investigations, enhanced threat intelligence, and scalable security operations Explore Kubernetes with native OpenTelemetry data Monitor Oracle Fusion Cloud Applications with Datadog Announcing the Datadog Terraform provider v4.0.0 Scaling Kubernetes workloads on custom metrics How to design cloud environments for AI-powered threat analysis Monitor Aruba Central in Datadog How we centralize and remediate risks with Datadog Case Management Accelerate incident response with Datadog and ServiceNow Monitor your application and network load balancer logs Understanding Karpenter architecture for Kubernetes autoscaling Tools for collecting metrics and logs from Karpenter Monitor Karpenter with Datadog What your product data is actually saying Key metrics for monitoring Karpenter Securing Datadog’s platform in the AI age: The role of observability data Four ways engineering teams use the Datadog MCP Server to power AI agents Approaching your observability migration with the right mindset Meet the new Bits AI SRE: Deeper reasoning, twice as fast Key learnings from the 2026 State of DevSecOps study Use plain English to query your multi-cloud infrastructure in Resource Catalog Simplifying troubleshooting across the user journey with Datadog Synthetic Monitoring Protect your OCI resources with Datadog Cloud Security This Month in Datadog - February 2026 Amazon EC2 security: How misconfigured and public AMIs expand your cloud attack surface Enable end-to-end visibility into your Java apps with a single command Measure and improve mobile app startup performance with Datadog RUM Evaluating our AI Guard application to improve quality and control cost Identify untested code across every level of your codebase Make use of guardrail metrics and stop babysitting your releases Monitor Versa Networks SD-WAN performance in Datadog Improve performance and reliability with APM Recommendations Remediate transitive vulnerabilities faster with Datadog Software Composition Analysis Generate audit-ready vulnerability and compliance reports with Datadog Sheets Monitor Fortinet FortiManager performance in Datadog Improve test coverage across codebases with Datadog Code Coverage Move fast, don’t break things: Consistent testing standards at scale Enrich logs with ServiceNow CMDB context before routing to any SIEM or logging tool Monitor Lustre with Datadog Make faster, better product decisions with Datadog Product Analytics Surface and remediate runtime posture issues with Workload Protection Findings Protect agentic AI applications with Datadog AI Guard How to optimize JavaScript code with CSS Trace Google Pub/Sub workloads in Cloud Run with Datadog Detect human names in logs with ML in Sensitive Data Scanner How we cut our NLQ agent debugging time from hours to minutes with LLM Observability Debug PostgreSQL query latency faster with EXPLAIN ANALYZE in Datadog Database Monitoring Datadog acquires Propolis Unify and correlate frontend and backend data with retention filters Scale compliance across global frameworks with Datadog Cloud Security Monitor Arista VeloCloud SD-WAN performance with Datadog Building reliable dashboard agents with Datadog LLM Observability Simplify log collection and aggregation for MSSPs with Datadog Observability Pipelines Mitigation for Node.js denial-of-service vulnerability affecting Datadog APM Automate flaky test fixes with the Bits AI Dev Agent and Test Optimization How we built an AI SRE agent that investigates like a team of engineers Datadog integrations 2025 recap: Observability for AI, security, and hybrid cloud Design effective executive dashboards with Datadog Implement dbt data quality checks with dbt-expectations Bring faster visibility into AWS Lambda functions with remote instrumentation Troubleshoot faster with the GitLab Source Code integration in Datadog How Cambia Health Solutions saved $30,000 monthly with Cloud Cost Management and the Datadog Resource Catalog Normalize any logs for Cloud SIEM with Datadog's OCSF processor Optimizing Datadog at scale: Cost-efficient observability at Zendesk Detect, diagnose, and resolve network issues easily with CNM Network Health Connect engineering errors to user impact in early-stage products Cilium configuration for Kubernetes operations at scale Designing feedback loops for progressive delivery Ship features faster and safer with Datadog Feature Flags Choosing the right OpenTelemetry Collector distribution Route your monitor alerts with Datadog monitor notification rules Automate Cloud SIEM investigations with Bits AI Security Analyst Cloud threat detection: How to identify risky activity across control and data planes Collecting Kafka performance metrics Monitoring Kafka with Datadog Monitoring Kafka performance metrics
Deploying and configuring Datadog with CloudFormation
David M. Lentz · 2019-01-14 · via Datadog | The Monitor blog

In this post, we will show you how you can use AWS CloudFormation to automatically deploy infrastructure that is preconfigured to send metrics and logs to Datadog. To demonstrate how this works, we will use a sample CloudFormation template that creates an EC2 instance running Apache web server, then installs the Datadog Agent, configures it with your API key, and enables Datadog’s integration with Apache. If you’re not already using Datadog, you can still follow along with the steps in this post by signing up for a free 14-day trial.

What is AWS CloudFormation?

CloudFormation is a configuration management service from AWS that allows you to create and update infrastructure programmatically. A CloudFormation template is a JSON or YAML file you create to describe your desired infrastructure. A template defines the properties of each resource (such as an EC2’s instance type), and the configuration CloudFormation will apply to attain the infrastructure’s desired state. Each template defines a stack—a collection of logically related AWS resources, such as EC2 instances, VPCs, Elastic Load Balancers, and IAM roles. The components of the stack are defined in the template’s Resources section. For example, to create an EC2 instance from a preconfigured Amazon Machine Image (AMI) using CloudFormation, your template would contain YAML like this:

Resources:

MyEC2Instance:

Type: "AWS::EC2::Instance"

Properties:

InstanceType: t2.small

ImageId: ami-011b6930a81cd6aaf

A CloudFormation template is infrastructure as code. Rather than code that’s imperative—defining a specific path in creating the infrastructure—the template uses declarative language to define a new stack or revisions to an existing stack. When you execute the template (using the CloudFormation console, SDK, or CLI), CloudFormation compares the state of the infrastructure to the desired state you’ve declared, then determines and executes the steps necessary to attain the desired state.

Like any code, the templates that describe your infrastructure can be versioned and reused. Each time you execute a CloudFormation template, you create a stack identical to any others based on that template. This allows you to run identical environments for different purposes (such as QA and development), and supports devops practices like blue/green deployments.

CloudFormation is similar to other configuration management software, like Chef and Ansible, which support the same goal of managing infrastructure as code.

CloudFormation + Datadog

CloudFormation can deploy infrastructure that’s readily observable. Including the configuration and deployment of the Datadog Agent in your CloudFormation template gives you visibility into your infrastructure as soon as it comes online.

The Datadog Agent is a lightweight, open source application that collects and forwards metrics, logs, and distributed request traces to your Datadog account. As soon as the Agent is running on your EC2 instances, you’ll be able to see host-level metrics beyond what’s reported by Amazon CloudWatch, and you’ll be able to visualize your logs and APM data in Datadog.

Custom Datadog dashboard shows metrics and logs from an EC2 instance.

Templating the Datadog integration

In this section, we’ll look at the anatomy of our demonstration template and highlight some of the code that defines key characteristics of the stack it creates.

Our template creates two AWS resources and a Datadog resource. (See our CloudFormation Registry blog post for information about deploying Datadog resources via CloudFormation.) The AWS resources are an EC2 instance (which the template identifies as MyWebServerInstance, since it will include the Apache server) and an associated security group (identified as MySecurityGroup), which allows traffic on the instance’s port 80. The Datadog resource (DatadogMonitorResource) is a monitor that will alert you if your EC2 instance becomes unavailable.

This template accepts two parameters:

  1. Your Datadog API key, which is used by the Agent to automatically send metrics and logs to your Datadog account

  2. Your application key, which—along with your API key—is used to authenticate your request to create the Datadog monitor

The template is broken down into sections, each of which fills a purpose in creating the stack:

  • Parameters. This section defines values to be provided when the template is executed. CloudFormation uses the parameter values passed by the user (or the parameters’ default values) to configure stack properties such as your Datadog API key or the name of your SSH key pair.

  • Resources. This is the only required section in a CloudFormation template. It defines the AWS resources to be created (or updated) by the template.

  • Outputs. This section defines the values to be returned when the template is executed. The key name of each output is defined in the template, and its value is returned when template execution is complete.

The other sections that comprise a CloudFormation template are its description, transform, metadata, conditions, and mappings. For information about these sections, see the CloudFormation user guide.

Parameters section: API key and application key

The first section of our template defines its parameters. A Parameters section is optional in a CloudFormation template, but by defining template parameters, you can require the user to provide values that will be plugged into the template to configure the requested resources. The demo template defines the APIKey and APPKey parameters.

Parameters:

APIKey:

Description: "The API key for your Datadog account"

Type: String

APPKey:

Description: "An application key from your Datadog account"

Type: String

You’ll input your Datadog API key and application key when you execute the template. CloudFormation uses the API key to configure the Agent to submit data to your Datadog account, and then uses both keys to authenticate the call to create the Datadog monitor resource.

Resources section: Metadata

You can use the AWS::CloudFormation::Init metadata key to specify characteristics of an EC2 instance, such as users and groups that should be present, services that should be running, and more. This gives you great flexibility in automating the configuration of your instances; see the AWS documentation to learn more about what you can do with AWS::CloudFormation::Init.

In our demonstration template, AWS::CloudFormation::Init organizes instance configuration details into three groups called configsets. Our configsets organize the instance’s configuration into three logical areas: packages to be installed, configuration details for Apache and the Agent, and instructions to restart the services to apply the updated configurations. The YAML snippet below shows the definitions of the configsets:

AWS::CloudFormation::Init:

configSets:

# List the configSets and the config keys they contain:

Install:

- "installHttpd"

- "installDatadogAgent"

Configure:

- "configureModStatus"

- "enableLogs"

- "configureLogs"

Restart:

- "restart"

Each configset contains only a list of configuration items, called config keys, which specify the configuration details. In the following sections, we’ll look at the YAML in each config key that defines the commands that will run and packages that will be installed on the instance.

When the template is executed, CloudFormation triggers a script that reads all the config keys and determines how to achieve the desired configuration. We’ll look more closely at this process in the UserData section.

Configset: Install

The first config key in this set, installHttpd, contains directives to ensure that Apache is installed and running on the instance:

installHttpd:

packages:

yum:

httpd: []

services:

sysvinit:

httpd:

enabled: true

ensureRunning: true

The next config key, installDatadogAgent, downloads and installs the Agent using the one-step installation script, plugging in the API key that the user has provided as a parameter:

installDatadogAgent:

commands:

01_download_and_install:

env:

DD_API_KEY: !Sub "${APIKey}"

command: "bash -c \"$(curl -L https://raw.githubusercontent.com/DataDog/datadog-agent/master/cmd/agent/install_script.sh)\""

Configset: Configure

The elements in the Configure configset modify Apache’s configuration, then update the configuration of the Agent so it can collect and tag metrics and logs from Apache.

The first key in this configset, configureModStatus, enables Apache’s mod_status module. This makes the Apache status page available for the Agent to use as a source for metric data.

configureModStatus:

commands:

01_add_config:

command:

!Sub |

cat <<EOT > /etc/httpd/conf.d/server-status.conf

# Enable the /server-status page

ExtendedStatus on

<Location /server-status>

SetHandler server-status

Allow from localhost

</Location>

EOT

For more information about the mod_status module, see the Apache documentation.

The next config key, enableLogs, updates the datadog.yaml file and enables the Agent to collect logs. Then it sets an access control list (ACL) on the directory where Apache stores logs, so the Agent can access them. It also adds this ACL instruction to the host’s logrotate configuration so it’s automatically reapplied when Apache logs are rotated.

enableLogs:

commands:

01_update_datadog_yaml:

cwd: "/etc/datadog-agent/"

command: "sed -i 's/^# logs_enabled: false$/logs_enabled: true/' datadog.yaml"

02_fix_logfile_permissions:

command: "setfacl -m u:dd-agent:rx /var/log/httpd"

03_sed_logrorate:

cwd: /etc/logrotate.d

command: "sed -i 's#/bin/systemctl reload httpd.service > /dev/null 2>/dev/null || true#/bin/systemctl reload httpd.service > /dev/null 2>/dev/null || true; setfacl -m u:dd-agent:rx /var/log/httpd#' httpd"

The configureLogs key updates the Agent’s Apache configuration file so it can collect and tag access and error logs, and collect metrics from Apache’s status page.

configureLogs:

commands:

01_create_apache_conf_yaml:

cwd: "/etc/datadog-agent/conf.d/apache.d/"

command:

cp conf.yaml.example conf.yaml

02_update_apache_conf_yaml:

cwd: "/etc/datadog-agent/conf.d/apache.d/"

command:

!Sub |

cat <<EOT >> conf.yaml

logs:

- type: file

path: /var/log/httpd/access_log

source: apache

sourcecategory: http_web_access

service: myservice

tags:

- env:qa

- type: file

path: /var/log/httpd/error_log

source: apache

sourcecategory: http_web_access

service: myservice

tags:

- env:qa

EOT

The first command in this key copies the sample configuration file, conf.yaml.example to conf.yaml so the Agent can recognize and use it. The second command adds a logs element to that file, which specifies the path to Apache’s log files, and tells the Agent to tag the logs with service: myservice and env: qa. You can customize these tags to suit your needs. The source tag tells Datadog to route the incoming logs through an Apache-specific processing pipeline, and the sourcecategory tag can help you aggregate related logs across hosts and services. For more information on using these tags, see our tagging documentation.

Configset: Restart

The command in the restart key restarts Apache and the Agent to apply all configuration changes.

restart:

commands:

01_restart:

command: "systemctl restart httpd.service; systemctl stop datadog-agent.service; systemctl start datadog-agent.service"

Resources section: Instance properties

The Properties section of the template defines the characteristics of the MyWebServerInstance being created.

UserData

When the instance comes up, it executes the bash script in the UserData section of the template. First, this script instructs the instance to update its aws-cfn-bootstrap package:

yum update -y aws-cfn-bootstrap

This package contains helper scripts CloudFormation will use to configure the instance. One of these helper scripts is cfn-init. CloudFormation calls cfn-init and references the three configsets—Install, Configure, and Restart—defined in the AWS::CloudFormation::Init section of the template:

/opt/aws/bin/cfn-init -v --stack ${AWS::StackName} --resource MyWebServerInstance --configsets Install,Configure,Restart --region ${AWS::Region}

InstanceType

The InstanceType value designates the class and size of the EC2 instance.

In this demo template, InstanceType is hardcoded as t2.nano. For a more flexible template, you could include InstanceType as a parameter, allowing the user to select an InstanceType value when executing the template.

The ImageId element specifies the AMI that CloudFormation will use as the basis for the instance to be created.

ImageId: ami-011b6930a81cd6aaf

This demo template specifies an Amazon Linux 2 AMI for the us-west-1 region. You can change your copy of the template to specify an image from a different region. (To find the ImageId for an AMI in a different region, visit the EC2 section of the AWS console and click Launch Instance.) A production-ready CloudFormation template will include a mapping of AMIs available in each region, and will automatically select the one appropriate for the region where the template is executed. This ensures that the template is reusable in any region. For guidance on creating a template that programmatically determines the correct AMI ID for a given region and instance type, see this document from AWS.

Resources section: Security group

An AWS security group acts as a virtual firewall, governing the flow of traffic to and from your infrastructure. All EC2 instances have at least one associated security group. If you create an EC2 instance without specifying a security group, the default security group is applied. But because the default security group doesn’t allow traffic to or from port 80, the demo template creates a custom security group that exposes port 80 externally.

MySecurityGroup:

Type: "AWS::EC2::SecurityGroup"

Properties:

GroupDescription: "Allow web traffic"

SecurityGroupIngress:

- CidrIp: 0.0.0.0/0

FromPort: '80'

IpProtocol: tcp

ToPort: '80'

Outputs section

After creating the EC2 instance, CloudFormation returns values for the output variables defined in the template.

Outputs:

URL:

Description: "The URL of this instance's website"

Value: !Sub "http://${MyWebServerInstance.PublicIp}"

InstanceDashboard:

Description: "Link to this instances's Datadog dashboard"

Value: !Sub "https://app.datadoghq.com/dash/host_name/${MyWebServerInstance}"

Below, we’ll show how you can use the URL and InstanceDashboard output values to begin monitoring your stack in Datadog.

Creating your integrated stack

As outlined above, the demo template defines a small stack, including an EC2 host running an Apache server that’s configured to send metrics and logs to your Datadog account. In this section, we’ll walk you through executing the template to create the stack, then viewing your instance’s metrics and logs in Datadog.

Execute the template

Download the demo template to your local storage, then navigate to the CloudFormation page in the AWS console. (Make sure you’re in the us-west-1 (US West (N. California)) region for this demo, since the template specifies an AMI from that region.) Click Create Stack. Under Choose a template, click Choose File and navigate to your local copy of the template. Click Next.

In the next screen, enter a name for your stack in the Stack name field. Next, enter your Datadog API key in the APIKey field and an application key from your Datadog account in the APPKey field. (To find these keys, look in the API Keys and Application Keys sections on this page.) Click Next.

In the screen that appears next, you can optionally tag your stack using the Key and Value fields. Any tags you add here will be applied to all the resources in the stack (in this case, the EC2 instance and the security group), and to the CloudFormation stack itself. Datadog ingests these tags automatically so you can filter and aggregate all your monitoring data on the fly. To add more than one tag, click the plus sign on the right. Leave the other fields on this page empty. Scroll down and click Next.

Review the stack information you’ve provided, then click Create.

Next you’ll see a table that contains a list of your stacks. In the Status column, your new stack’s status will initially appear as CREATE_IN_PROGRESS.

The AWS console shows your stack creation in progress.

After a few minutes, it should change to CREATE_COMPLETE, and you’re ready to proceed.

View your host’s metrics and logs

When your stack creation is complete, click to highlight your stack’s row in the table, then click the Outputs tab.

The AWS console shows your stack creation is complete.

Click the value in the InstanceDashboard row to navigate to the host dashboard in your Datadog account.

The new EC2 instance’s dashboard is visible in your Datadog account.

The EC2 host you created in your new stack is now sending metrics to Datadog. Back in your AWS console, click the URL value in the Outputs tab to load the instance’s website in your browser. Reload the page several times to generate traffic to your web server. Return to the host dashboard and note the Apache - Hits rate graph. The traffic you just generated in your browser should show as a spike, as in the screenshot below. You may see other requests at regular intervals on the graph, due to the Agent making regular calls to the Apache status page.

apache_hits_rate2a

You can easily pivot from viewing your host’s metrics on the graph to browsing related logs. Click a point on the Apache - Hits rate graph, then click the View related logs option.

apache_hits_rate2b

The Log Explorer will show your host’s time-correlated Apache logs, as shown in the screenshot below.

This Log Explorer view shows logs that share the same Source value as the metrics above.

Start deploying Datadog with CloudFormation

In this post we’ve shown you how to deploy an EC2 instance running Apache server, and how to install and configure the Datadog Agent to monitor Apache and the host itself. To go further with CloudFormation and Datadog, you can build on this template to configure any of Datadog’s 1,000 other integrations. If you’re not already using Datadog, you can get started with a free 14-day trial.