Closed andyshinn closed 2 years ago
Hey @andyshinn Thank you for raising the issue, sorry for the delay.
It seems that DdApiKeySecretArn
is already supported in the template.
If you are creating a new one you can just set a default value in DdApiKey
and then set your resource ARN in DdApiKeySecretArn
(since the first one will be ignored if the second is set).
If you are trying to update an existing forwarder, you can just point to the Secret's ARN, since setting DdApiKey
would have created a resource in Secrets Manager to it. If this is the case, then read permissions to the new resource might be required.
Let me know if you are still having trouble with this.
I did not try, yet. But was looking at https://github.com/DataDog/cloudformation-template/blob/master/aws/main.yaml#L111-L118 and it didn't appear to set the DdApiKeySecretArn
input for the forwarder. But I will give it a try.
Ah, I see what is happening here. Sorry, I got confused because of the reference and was checking the support there.
Indeed there is no support to set a custom DdApiKeySecretArn
in the AWS integration with CloudFormation. If you want to create a forwarder with it you can follow the documentation for the forwarder stated here.
Nonetheless, this should be supported directly in the template you pointed. Will work on it, thank you.
Can I request the same support for the streams
template?
Expected Behavior
Able to use
DdApiKeySecretArn
so when Datadog integration is setup via Terraform the plan is idempotent.Actual Behavior
Only
DdApiKey
is available to pass to log forwarder.Related