To make the Datadog serverless macro available for use in your AWS account, deploy a CloudFormation stack with a Datadog-provided template. This deployment includes a CloudFormation macro resource and a Lambda function that is invoked when the macro is run. Deploying this stack enables you to use the macro on other CloudFormation stacks deployed in the same account. For more details about defining a macro in your account, see the CloudFormation documentation page.
Note: The Datadog serverless macro needs to be created once in each region that contains stacks you wish to transform.
To deploy your serverless application with SAM, add the Datadog Serverless CloudFormation macro under the Transform section in your template.yml file, after the required SAM transform. Also add a DDGitData parameter and pass it to the macro to enable Datadog Source Code Integration:
Transform:- AWS::Serverless-2016-10-31- Name:DatadogServerlessParameters:stackName:!Ref "AWS::StackName"apiKey:"<DATADOG_API_KEY>"pythonLayerVersion:"<LAYER_VERSION>"# Use appropriate parameter for other runtimesextensionLayerVersion:"<LAYER_VERSION>"service:"<SERVICE>"# Optionalenv:"<ENV>"# Optionalversion:"<VERSION>"# Optionaltags:"<TAGS>"# Optional# Pass DDGitData here to enable Source Code Integration tagginggitData:!Ref DDGitData# For additional parameters, see the Configuration sectionParameters:DDGitData:Type:StringDefault:""Description:"The output of $(git rev-parse HEAD),$(git config --get remote.origin.url). Used for Datadog Source Code Integration tagging"
To set the DDGitData parameter for Datadog’s Source Code Integration, use SAM’s --parameter-overrides option:
sam deploy --parameter-overrides DDGitData="$(git rev-parse HEAD),$(git config --get remote.origin.url)"
Note: If you did not modify the provided template.yml file when you installed the macro, then the name of the macro defined in your account will be DatadogServerless. If you have modified the original template, make sure the name of the transform you add here matches the Name property of the AWS::CloudFormation::Macro resource.
Note: If you want to specify some of the configuration only once, you can modify template.yml and add the environment variables you want to configure for that region. This is a way to control additional default values. The example below sets DD_API_KEY_SECRET_ARN and DD_ENV, which the macro will treats as default values:
Resources:MacroFunction:Type:AWS::Serverless::FunctionDependsOn:MacroFunctionZipProperties:FunctionName:Fn::If:- SetFunctionName- Ref:FunctionName- Ref:AWS::NoValueDescription:Processes a CloudFormation template to install Datadog Lambda layers for Lambda functions.Handler:src/index.handler...Environment:Variables:DD_API_KEY_SECRET_ARN:"arn:aws:secretsmanager:us-west-2:123456789012:secret:DdApiKeySecret-e1v5Yn7TvIPc-d1Qc4E"DD_ENV:"dev"
To further configure your macro, use the following custom parameters:
Parameter
Description
addLayers
Whether to add the Lambda Layers or expect the user to bring their own. Defaults to true. When true, the Lambda Library version variables are also required. When false, you must include the Datadog Lambda library in your functions’ deployment packages.
pythonLayerVersion
Version of the Python Lambda layer to install, such as “21”. Required if you are deploying at least one Lambda function written in Python and addLayers is true. Find the latest version number from https://github.com/DataDog/datadog-lambda-python/releases.
nodeLayerVersion
Version of the Node.js Lambda layer to install, such as “29”. Required if you are deploying at least one Lambda function written in Node.js and addLayers is true. Find the latest version number from https://github.com/DataDog/datadog-lambda-js/releases.
Version of the Java Lambda layer to install, such as “12”. Required if you are deploying at least one Lambda function written in Java and addLayers is true. Find the latest version number from https://github.com/DataDog/datadog-lambda-java/releases.
extensionLayerVersion
Version of the Datadog Lambda Extension layer to install, such as “5”. When extensionLayerVersion is set, apiKey (or if encrypted, apiKMSKey or apiKeySecretArn) needs to be set as well.
addExtension
Whether to add the Lambda extension layer to the Lambda function. Defaults to false. When true, the extension layer is applied which handles sending logs, traces and custom metrics. The parameter extensionLayerVersion must be set. While using extensionLayerVersion do not set forwarderArn. To learn more, read the Datadog Lambda Extension documentation.
exclude
When set, the macro will ignore specified lambda functions. Use this if there are any functions that do not require datadog instrumentation. Defaults to [].
forwarderArn
When set, the macro will automatically subscribe the functions’ log groups to the Datadog Forwarder. Alternatively, you can define the log subscription using the AWS::Logs::SubscriptionFilter resource. Note: The ‘FunctionName’ property must be defined for functions that are deployed for the first time because the macro needs the function name to create the log groups and subscription filters. ‘FunctionName’ must NOT contain any CloudFormation functions, such as !Sub.
stackName
The name of the CloudFormation stack being deployed. Only required when a forwarderArn is provided and Lambda functions are dynamically named (when the FunctionName property isn’t provided for a Lambda). For more information on how to add this parameter for SAM and CDK, see the examples below.
flushMetricsToLogs
Send custom metrics via logs with the Datadog Forwarder Lambda function (recommended). Defaults to true. When set to false, the Datadog API key must be defined using apiKey (or if encrypted, apiKMSKey or apiKeySecretArn).
site
Set which Datadog site to send data, only needed when flushMetricsToLogs is false. Possible values are datadoghq.com, datadoghq.eu, us3.datadoghq.com, us5.datadoghq.com, ap1.datadoghq.com, and ddog-gov.com. The default is datadoghq.com.
apiKey
The Datadog API Key, only needed when flushMetricsToLogs is set to false.
apiKeySecretArn
The ARN of the secret storing the Datadog API key in AWS Secrets Manager. Use this parameter in place of apiKey when flushMetricsToLogs is false or extensionLayerVersion is set. Remember to add the secretsmanager:GetSecretValue permission to the Lambda execution role.
apiKMSKey
Datadog API Key encrypted using KMS. Use this parameter in place of apiKey when flushMetricsToLogs is false, and you are using KMS encryption.
enableEnhancedMetrics
Enable enhanced metrics for Lambda functions. Defaults to true. The Datadog Forwarder Lambda function must subscribe the function log group.
enableXrayTracing
Enable tracing on Lambda functions. Defaults to false.
enableDDTracing
Enable tracing on Lambda function using dd-trace, Datadog’s APM library. Defaults to true. The Datadog Forwarder Lambda function must subscribe the function log group.
enableDDLogs
Enable Datadog log collection for the Lambda function. Note: This setting has no effect on logs sent via the Datadog Forwarder. Defaults to true.
service
When set along with the extensionLayerVersion, the macro adds a DD_SERVICE environment variable to all lambda functions with the provided value. When set along with the forwarderArn, the macro adds a service tag to all Lambda functions with the provided value.
env
When set along with the extensionLayerVersion, the macro adds a DD_ENV environment variable to all lambda functions with the provided value. When set along with the forwarderArn, the macro adds an env tag to all Lambda functions with the provided value.
version
When set along with the extensionLayerVersion, the macro adds a DD_VERSION environment variable to all lambda functions with the provided value. When set along with the forwarderArn, the macro adds a version tag to all Lambda functions with the provided value.
tags
A comma separated list of key:value pairs as a single string. When set along with extensionLayerVersion, a DD_TAGS environment variable is added on all Lambda functions with the provided value. When set along with forwarderArn, the macro parses the string and sets each key:value pair as a tag on all Lambda functions.
logLevel
Sets the log level. Set to DEBUG for extended logging.
captureLambdaPayload
Automatically tags the function execution span with request and response payloads, so they can be displayed in the APM application.
enableColdStartTracing
Set to false to disable Cold Start Tracing. Used in NodeJS and Python. Defaults to true.
coldStartTraceMinDuration
Sets the minimum duration (in milliseconds) for a module load event to be traced via Cold Start Tracing. Number. Defaults to 3.
coldStartTraceSkipLibs
optionally skip creating Cold Start Spans for a comma-separated list of libraries. Useful to limit depth or skip known libraries. Default depends on runtime.
enableProfiling
Enable the Datadog Continuous Profiler with true. Supported in Beta for NodeJS and Python. Defaults to false.
encodeAuthorizerContext
When set to true for Lambda authorizers, the tracing context will be encoded into the response for propagation. Supported for NodeJS and Python. Defaults to true.
decodeAuthorizerContext
When set to true for Lambdas that are authorized via Lambda authorizers, it will parse and use the encoded tracing context (if found). Supported for NodeJS and Python. Defaults to true.
apmFlushDeadline
Used to determine when to submit spans before a timeout occurs, in milliseconds. When the remaining time in an AWS Lambda invocation is less than the value set, the tracer attempts to submit the current active spans and all finished spans. Supported for NodeJS and Python. Defaults to 100 milliseconds.
This macro modifies your CloudFormation template to install the Datadog Lambda Library by attaching the Lambda Layers for Node.js, Python, .NET, and Java to your functions. It redirects to a replacement handler that initializes the Lambda Library without any required code changes.
This error occurs when you provide a forwarderArn and are deploying your Lambda function for the first time, so no log group currently exists, and the macro cannot create this log group or subscribe to the Forwarder for you. One way to fix this issue is to explicitly define the FunctionName property on your Lambda (see the example below).
Resources:MyLambda:Type:AWS::Serverless::FunctionProperties:Handler:index.handlerRuntime:nodejs12.xFunctionName:MyFunctionName# Add this property to your Lambdas
If you cannot (or prefer not) define the FunctionName explicitly, then remove the forwarderArn parameter from the SAM template or CDK source code, and instead define the subscription filters using the AWS::Logs::SubscriptionFilter resource like below.
The forwarderArn option does not work when FunctionName contains CloudFormation functions, such as !Sub. In this case, the macro does not have access to the actual function name (CloudFormation executes functions after transformations). It therefore cannot create log groups and subscription filters for your functions.
Remove the forwarderArn parameter from the SAM template or CDK source code, and instead define the subscription filters using the AWS::Logs::SubscriptionFilter resource like below.
Complete the following steps to enable X-Ray tracing when using a predefined Lambda execution role (such as one created outside the CloudFormation template, like this example):
