Add Support For Finding Namespace Rules With Data

[andrewkruse]

When turning on the AWS integration, we want to disable everything we aren't expecting to monitor with Datadog as we have a suspicion this will help reduce pricing impact. Unfortunately, getting the namespace rules is a chore. With the lack of a data source to provide it, there is no trivial way to do it.

Option 1: use terraform with HTTP to request it and format it. Not great since we can't creep on the configuration of the provider (i.e. provider.datadog.api_key, provider.datadog.app_key, provider.datadog.api_url). This requires adding arbitrary variables for configuration items that were environment variables already (i.e. duplicating DD_API_KEY to TF_ENV_DD_API_KEY).

Option 2: get it at a point in time and copy/paste it. I suspect in the future as new things show up they will be auto enabled. Not super great, but probably not the end of the world.

Terraform Configuration Files

resource "datadog_integration_aws" "sandbox" {
  account_id = data.aws_caller_identity.current.account_id
  role_name  = "DatadogAWSIntegrationRole"

  # removes just the two regions we care about
  excluded_regions = setsubtract(data.aws_regions.current.names, ["us-east-2", "us-west-2"])

  # found with https://docs.datadoghq.com/api/latest/aws-integration/?code-lang=curl#list-namespace-rules
  account_specific_namespace_rules = {
    "api_gateway"            = false,
    "application_elb"        = true,
    "apprunner"              = false,
    "appstream"              = false,
    "appsync"                = false,
    "athena"                 = false,
    "auto_scaling"           = false,
    "backup"                 = false,
    "billing"                = false,
    "budgeting"              = false,
    "certificatemanager"     = true,
    "cloudfront"             = false,
    "cloudhsm"               = false,
    "cloudsearch"            = false,
    "cloudwatch_events"      = false,
    "cloudwatch_logs"        = false,
    "codebuild"              = false,
    "cognito"                = false,
    "collect_custom_metrics" = false,
    "connect"                = false,
    "crawl_alarms"           = false,
    "directconnect"          = false,
    "dms"                    = false,
    "documentdb"             = false,
    "dynamodb"               = false,
    "dynamodbaccelerator"    = false,
    "ebs"                    = false,
    "ec2"                    = false,
    "ec2api"                 = false,
    "ec2spot"                = false,
    "ecs"                    = false,
    "efs"                    = false,
    "elasticache"            = false,
    "elasticbeanstalk"       = false,
    "elasticinference"       = false,
    "elastictranscoder"      = false,
    "elb"                    = false,
    "emr"                    = false,
    "es"                     = false,
    "firehose"               = false,
    "fsx"                    = false,
    "gamelift"               = false,
    "glue"                   = false,
    "inspector"              = false,
    "iot"                    = false,
    "keyspaces"              = false,
    "kinesis"                = false,
    "kinesis_analytics"      = false,
    "kms"                    = false,
    "lambda"                 = true,
    "lex"                    = false,
    "mediaconnect"           = false,
    "mediaconvert"           = false,
    "medialive"              = false,
    "mediapackage"           = false,
    "mediastore"             = false,
    "mediatailor"            = false,
    "ml"                     = false,
    "mq"                     = false,
    "msk"                    = false,
    "mwaa"                   = false,
    "nat_gateway"            = false,
    "neptune"                = false,
    "network_elb"            = false,
    "networkfirewall"        = false,
    "opsworks"               = false,
    "polly"                  = false,
    "privatelinkendpoints"   = false,
    "privatelinkservices"    = false,
    "rds"                    = true,
    "rdsproxy"               = false,
    "redshift"               = false,
    "rekognition"            = false,
    "route53"                = false,
    "route53resolver"        = false,
    "s3"                     = false,
    "s3storagelens"          = false,
    "sagemaker"              = false,
    "service_quotas"         = false,
    "ses"                    = false,
    "shield"                 = false,
    "sns"                    = false,
    "sqs"                    = false,
    "step_functions"         = false,
    "storage_gateway"        = false,
    "swf"                    = false,
    "textract"               = false,
    "transitgateway"         = false,
    "translate"              = false,
    "trusted_advisor"        = false,
    "usage"                  = false,
    "vpn"                    = false,
    "waf"                    = false,
    "wafv2"                  = false,
    "workspaces"             = false,
    "xray"                   = false,
  }
}

[cherudim]

I came here to request the exact same thing, this would greatly improve the usability of the namespace filtering feature

[nkzou]

Hi there, thanks for raising this feature request. The datasource will be available in the next terraform release, tentatively scheduled for a month from now.