DataDog/dd-aws-lambda-functions

Name: dd-aws-lambda-functions

Owner: Datadog, Inc.

Description: Repo of lambda functions that process streams and send data to datadog

Created: 2015-12-17 20:04:24.0

Updated: 2018-01-09 11:46:31.0

Pushed: 2018-01-18 11:17:16.0

Homepage: null

Size: 60

Language: Python

GitHub Committers

UserMost Recent Commit# Commits

Other Committers

UserEmailMost Recent Commit# Commits

README

dd-aws-lambda-functions

Repository of lambda functions that process aws log streams and send data to datadog

Overview

This project contains lambda functions to be used to process aws log streams and send data to datadog.

Each lambda function will retrieve datadog api keys from KMS.

How to use one of these functions

  1. Create a KMS key for the datadog api key and app key

  2. Create a KMS key - http://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html

  3. Encrypt the token using the AWS CLI.aws kms encrypt --key-id alias/<KMS key name> --plaintext '{"api_key":"<dd_api_key>", "app_key":"<dd_app_key>"}'

  4. Make sure to save the base-64 encoded, encrypted key (CiphertextBlob). This will be used for the KMS_ENCRYPTED_KEYS variable in all lambda functions.

  5. Create and configure a lambda function

  6. In the AWS Console, create a lambda_execution policy, with the following policy:

    
"Version": "2012-10-17",
"Statement": [
    {
        "Effect": "Allow",
        "Action": [
            "logs:CreateLogGroup",
            "logs:CreateLogStream",
            "logs:PutLogEvents"
        ],
        "Resource": "arn:aws:logs:*:*:*"
    },
    {
         "Effect": "Allow",
         "Action": [
           "kms:Decrypt"
         ],
         "Resource": [
           "<KMS ARN>"
         ]
       }
]

  7. Create a lambda_execution role and attach this policy

  8. Create a lambda function: Skip the blueprint, name it functionname, set the Runtime to Python 2.7, the handle to lambda_function.lambda_handler, and the role to lambda_execution.

  9. Copy the content of functionname/lambda_function.py in the code section, make sure to update the KMS_ENCRYPTED_KEYS environment variable with the encrypted key generated in step 1

  10. Subscribe to the appropriate log stream

How to update the zip file for the AWS Serverless Apps

  1. After modifying the files that you want inside the respective lambda app directory, run
    cloudformation package --template-file rds-enhanced-sam-template.yaml --output-template-file rds-enhanced-serverless-output.yaml --s3-bucket BUCKET_NAME
This work is supported by the National Institutes of Health's National Center for Advancing Translational Sciences, Grant Number U24TR002306. This work is solely the responsibility of the creators and does not necessarily represent the official views of the National Institutes of Health.