Bug of Datadog Service Attribute with AWS S3

[shintaro202020]

Describe what happened: I'm using the log forwarder for cloudwatch logs (Lambda) and s3 object (WAF). I'd like to change the service attribute for each source. For the reason above, I set the different service AWS tag in cloudwatch logs and s3 object. However, service name is only applied with cloudwatch logs and the service name of the log record from the s3 object is waf

Describe what you expected: The service name of the log record from the s3 record should be service AWS tag which is set in S3 Bucket.

Steps to reproduce the issue:

1. Store the WAF traffic log with S3 bucket
2. Set the service AWS Tag in S3 bucket
3. Set the S3 bucket as a log forwarder lambda trigger

[HannesBBR]

I was looking into the same thing, and I noticed that determining the service is done in https://github.com/DataDog/datadog-serverless-functions/blob/master/aws/logs_monitoring/steps/handlers/s3_handler.py#L53 based on the metadata object, while the tags set on the S3 bucket are only added to the metadata object afterwards in https://github.com/DataDog/datadog-serverless-functions/blob/master/aws/logs_monitoring/steps/handlers/s3_handler.py#L55, which would explain why these tags are ignored for determining the service attribute.

So I believe running self._add_s3_tags_from_cache() before add_service_tag(self.metadata) should solve that (didn't test this yet though).

[HannesBBR]

Created https://github.com/DataDog/datadog-serverless-functions/pull/806 which I think should fix this. I tested this in our stack and now the service attribute on the logs gets correctly set to the value of the service tag on the S3 bucket.