Datadog - Google Cloud Platform Integration Terraform Module
π΅ Monthly estimates based on Infracost baseline costs.
Repository Description
Terraform example module for Datadog Google Cloud Platform integration.
[!NOTE] We do not recommend consuming this module like you might a public module. It is a baseline, something you can fork, potentially maintain, and modify to fit your organization's needs. Using public modules vs. writing your own has various drivers and trade-offs that your organization should evaluate.
π© Usage
[!TIP] You can check the fixtures directory for example configurations. These fixtures set up the system for testing by providing all the necessary initial code, thus creating good examples on which to base your configurations.
Required APIs (managed with the terraform-google-project child module):
bigquerydatatransfer.googleapis.com(Ifenable_cloud_cost_managementistrue)bigquery.googleapis.com(Ifenable_cloud_cost_managementistrue)cloudasset.googleapis.comcloudbilling.googleapis.comcloudresourcemanager.googleapis.comcompute.googleapis.comiam.googleapis.commonitoring.googleapis.com
Development
Our focus is on the core fundamental practice of platform engineering, Infrastructure as Code.
Open Source Infrastructure (as Code) is a development model for infrastructure that focuses on open collaboration and applying relative lessons learned from software development practices that organizations can use internally at scale. - Open Source Infrastructure (as Code)
To avoid slowing down stream-aligned teams, we want to open up the possibility for contributions. The Open Source Infrastructure (as Code) model allows team members external to the platform team to contribute with only a slight increase in cognitive load. This section is for developers who want to contribute to this repository, describing the tools used, the skills, and the knowledge required, along with Terraform documentation.
See the documentation for setting up a local development environment here.
π οΈ Tools
π Skills and Knowledge
Links to documentation and other resources required to develop and iterate in this repository successfully.
π Tests
All tests are mocked allowing us to test the module without creating infrastructure or requiring credentials. The trade-offs are acceptable in favor of speed and simplicity. In a Terraform test, a mocked provider or resource will generate fake data for all computed attributes that would normally be provided by the underlying provider APIs.
cd fixtures/defaultterraform initterraform test -var="api_key=$DATADOG_API_KEY" -var="app_key=$DATADOG_APP_KEY"π Terraform Documentation
A child module automatically inherits default (un-aliased) provider configurations from its parent. The provider versions below are informational only and do not need to align with the provider configurations from its parent.
Providers
| Name | Version |
|---|---|
| datadog | 3.44.1 |
| 6.2.0 | |
| random | 3.6.3 |
Resources
| Name | Type |
|---|---|
| datadog_integration_gcp_sts.this | resource |
| google_bigquery_dataset.billing_export | resource |
| google_bigquery_dataset_iam_member.billing_export | resource |
| google_logging_project_sink.integration | resource |
| google_project_iam_member.this | resource |
| google_pubsub_subscription.integration | resource |
| google_pubsub_topic.integration | resource |
| google_pubsub_topic_iam_member.integration | resource |
| google_service_account.integration | resource |
| google_service_account_iam_member.integration | resource |
| google_storage_bucket.cloud_cost_management | resource |
| google_storage_bucket_iam_member.cloud_cost_management | resource |
| random_id.this | resource |
Inputs
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| api_key | Datadog API key | string |
n/a | yes |
| cloud_cost_management_location | The location for the cloud cost management bucket and Bigquery dataset, only used if enable_cloud_cost_management is true | string |
"US" |
no |
| enable_cloud_cost_management | Whether Datadog collects cloud cost management data from your GCP project, this should only be set to true in a single project | bool |
false |
no |
| host_filters | A list of host filters to apply to the Datadog GCP integration | list(string) |
[] |
no |
| is_cspm_enabled | Whether Datadog collects cloud security posture management resources from your GCP project | bool |
false |
no |
| is_security_command_center_enabled | When enabled, Datadog will attempt to collect Security Command Center Findings. Note: This requires additional permissions on the service account | bool |
false |
no |
| labels | A map of key/value pairs to assign to the resources being created | map(string) |
{ "system": "datadog" } |
no |
| project | The ID of the project in which the resource belongs | string |
n/a | yes |