Many organizations struggle to track how their cloud infrastructure changes over time. Modern environments span tens of thousands of resources across hundreds of accounts and multiple clouds. Application teams add new services and regions at a rapid pace, increasing the number and variety of resources that need to be managed. These shifts can cause infrastructure to drift from a well-architected state, increasing the risk of service reliability issues and unexpected cloud spend.
To help manage this challenge, infrastructure teams rely on periodic audits, custom inventory tools, and cloud provider notifications. However, these approaches are often reactive, noisy, and incomplete, making it difficult to identify the most important issues. As a result, teams often have limited visibility into whether their infrastructure configurations follow well-architected best practices, so they spend more time reacting to issues instead of proactively enforcing consistent standards across accounts and services.
Datadog Infrastructure Management in Preview helps infrastructure teams proactively detect configuration issues in live infrastructure environments and provides the remediation tools they need to enforce desired configurations at scale. It combines change detection, policy evaluation, and remediation tools, enabling organizations to manage their environments more effectively, keep developer teams accountable, and encourage consistent adoption of best practices.
In this post, we show how teams can:
While infrastructure changes happen frequently, not all require the same level of review. Datadog Infrastructure Management uses your organization’s change history and configuration patterns to prioritize changes that are more likely to introduce risk, so teams spend less time triaging noise. When you click Changes from the Resources window, Infrastructure Management identifies risky configuration changes across all cloud providers and provides a summary of what’s updated, who made the change, and the potential impact. This context allows platform teams to proactively uncover problematic changes and address them early to reduce the risk of incidents.
For example, an infrastructure lead may find risky changes such as an S3 bucket being made publicly accessible or automated backups being disabled on a critical database. After fixing the issue, as shown below, they can Create a policy to set an organization-level guardrail that prevents the risky change from recurring. This policy will now regularly evaluate all their S3 buckets for exposure to the public.
By combining intelligent risk detection with change summaries to understand why a change could affect system stability and using Policies to enforce guardrails in production environments, customers can mitigate severe incidents from problematic changes.
Maintaining cloud configuration standards at scale requires a consistent way to define and evaluate best practices that ensure reliable, secure, cost-optimized, and well-tagged infrastructure across clouds, teams, and accounts. Datadog centralizes this work by giving infrastructure teams a single place to create and enforce policies for their infrastructure running on AWS, Azure, Google Cloud, and Kubernetes environments.
When visiting Policies from the Resources window, infrastructure teams can define their internal standards by using natural language to generate a policy and recommended remediation actions. Teams can also expand their policy libraries quickly, with 80 out-of-the-box Datadog templates based on cloud well-architected practices.
Once policies are created, Datadog continuously evaluates your deployed resources for configuration drift and offers built-in grouping and filtering to create reporting views for individual teams and leadership. Infrastructure teams can avoid maintaining bespoke tooling or updating scripts as their environments grow. This reduces the operational overhead of managing policies and enables teams to focus on improving controls like infrastructure-as-code (IaC) deployments.
With many configuration risks to address, infrastructure teams need a reliable workflow for closing gaps in policy adherence at scale. Datadog enables triaging of findings from policy evaluations using tags such as team, account, business unit, or resource type. Infrastructure teams can then assign Jira or ServiceNow tickets directly to resource owners from Datadog so remediation work is tracked alongside existing engineering workflows.
For organizations that manage resources with IaC, Datadog links each resource to its Terraform code definition and automatically suggests pull requests. When a newly created policy identifies issues such as publicly accessible S3 buckets, resource owners can review where their misconfiguration is defined in code and ready-to-merge pull requests. These pull requests propose targeted updates to the relevant line of code, helping teams resolve issues in minutes without needing to manually search for the underlying configurations.
When the resource owner is investigating a policy’s flagged resources, they can also view the configuration changes that affect adherence to company best practices, helping them revert problematic updates. By pairing policy evaluation with automated remediation, teams can close configuration gaps more quickly.
Datadog Infrastructure Management gives infrastructure teams a unified place to detect live resource drift from best practices that ensure infrastructure reliability, strengthen security, optimize cost, and ensure consistent tagging. With context-rich configuration change data, policy-driven evaluations, and automated remediation workflows, teams can maintain more consistent configuration standards and reduce the operational overhead of managing large, fast-changing, and distributed environments.
To get started with Infrastructure Management, sign up for the Preview and check out our documentation on Resource Policies and Resource Changes. If you’re new to Datadog, you can sign up for a 14-day free trial today.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。