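■ Introduction
I will probably be working with Datadog in the future, so this is my preparation for building it with Terraform.
Table of contents
【1】datadog
【2】Official documentation
【3】Preparing for deployment to AWS
 1) IAM
【4】Applying it to your own service
 1) Creating a monitor
【1】datadog
* A monitoring SaaS for server monitoring, analytics, and so on
 => For details, see the related article below.
datadog ~ Basic knowledge ~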
https://dk521123.hatenablog.com/entry/2024/03/30/004746
【2】Official documentation
* As follows.
https://registry.terraform.io/providers/DataDog/datadog/latest/docs
with EKS
https://developer.hashicorp.com/terraform/tutorials/applications/datadog-provider
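【3】Preparing for deployment to AWS
1) What you need
[1] An AWS account
[2] An S3 bucket to store the remote backend (optional)
[3] A Datadog account that belongs to the organization where the monitors will be registered
 + API key (Integrations -> API Keys in Datadog)
 + APP key (Integrations -> Application Keys in Datadog)
[4] An environment that can run Terraform
[5] A repository to hold the tf code
2) IAM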
aws_integration.tf
variable "enable_datadog_aws" {
  description = "Use datadog or not"
  type        = bool
  default     = true
}

variable "aws_account_id" {
  description = "datadog aws account id"
  type        = string
  default     = "aws_account_id"
}

variable "filter_tags" {
  description = "datadog filter tags"
  type        = list(string)
  default     = ["datadog:enabled"]
}

variable "host_tags" {
  description = "datadog host tags"
  type        = list(string)
  default     = ["aws_account_name"]
}

variable "account_specific_namespace_rules" {
  description = "datadog for account_specific_namespace_rules"
  type        = map(bool)
  default = {
    # api_gateway: true,
    # auto_scaling: true,
    # opsworks: false
  }
}

variable "excluded_regions" {
  description = "datadog for excluded regions"
  type        = list(string)
  default = [
    # "us-east-1",
    # "us-west-1"
  ]
}

# https://registry.terraform.io/providers/DataDog/datadog/latest/docs/resources/integration_aws
resource "datadog_integration_aws" "sandbox" {
  account_id                       = var.aws_account_id
  role_name                        = "DatadogAWSIntegrationRole"
  filter_tags                      = var.filter_tags
  host_tags                        = var.host_tags
  account_specific_namespace_rules = var.account_specific_namespace_rules
  excluded_regions                 = var.excluded_regions
}

# https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role
resource "aws_iam_role" "datadog_aws_integration" {
  # Must match role_name in datadog_integration_aws above
  name = "DatadogAWSIntegrationRole"
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect = "Allow"
        Action = "sts:AssumeRole"
        Sid    = "Datadog"
        # 111111111111 is a placeholder: set it to the AWS account ID shown in
        # Datadog's AWS integration setup
        Principal = {
          AWS = "arn:aws:iam::111111111111:root"
        }
        # Only accept AssumeRole calls that present the external ID issued for this integration
        Condition = {
          StringEquals = {
            "sts:ExternalId" = datadog_integration_aws.sandbox.external_id
          }
        }
      },
    ]
  })
  tags = {
    Name = "DatadogAWSIntegrationRole"
  }
}

# https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment
# NOTE: aws_iam_policy.datadog_aws_integration (the permissions policy for this role)
# is not shown on this page and must be defined separately.
resource "aws_iam_role_policy_attachment" "datadog_aws_integration" {
  role       = aws_iam_role.datadog_aws_integration.name
  policy_arn = aws_iam_policy.datadog_aws_integration.arn
}
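The trust policy in aws_iam_role is the part of this file that decides who can assume the role, so it is worth checking the rendered JSON before applying. The following is an added example, not code from the original post or from Datadog: a small Python audit that flags a wrong principal type, a malformed or unexpected account ARN, and a missing sts:ExternalId condition. The function names, the sample policies and the external ID value are constructed for illustration.

```python
import re

ROOT_ARN = re.compile(r"^arn:aws:iam::\d{12}:root$")

def as_list(value):
    """IAM accepts either a single value or a list in most policy fields."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy, expected_principal):
    """Return (statement index, finding) pairs for Allow statements granting sts:AssumeRole."""
    findings = []
    for idx, stmt in enumerate(as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in as_list(stmt.get("Action")):
            continue
        principal = stmt.get("Principal")
        if not isinstance(principal, dict) or set(principal) != {"AWS"}:
            findings.append((idx, "principal is not a single AWS account entry"))
            principal = {}
        for arn in as_list(principal.get("AWS")):
            if not ROOT_ARN.match(arn):
                findings.append((idx, "malformed account ARN: " + arn))
            elif arn != expected_principal:
                findings.append((idx, "unexpected account: " + arn))
        # Without this condition any customer of the same third party could have
        # it assume this role (the confused-deputy problem).
        string_equals = (stmt.get("Condition") or {}).get("StringEquals", {})
        external_ids = as_list(string_equals.get("sts:ExternalId"))
        if not external_ids or not all(external_ids):
            findings.append((idx, "missing StringEquals condition on sts:ExternalId"))
    return findings

# Constructed samples. 111111111111 is the page's placeholder account ID and the
# external ID is made up. BROKEN has the wrong principal key, a single-colon ARN
# and a condition operator that is not StringEquals.
EXPECTED = "arn:aws:iam::111111111111:root"
BROKEN = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"Service": "arn:aws:iam:111111111111:root"},
    "Condition": {"Service": {"sts:ExternalId": "constructed-external-id"}}}]}
FIXED = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": EXPECTED},
    "Condition": {"StringEquals": {"sts:ExternalId": "constructed-external-id"}}}]}

if __name__ == "__main__":
    for name, doc in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        print(name, audit_trust_policy(doc, EXPECTED))
```
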
【4】Applying it to your own service
1) Creating a monitor
provider.tf
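terraform {
  required_providers {
    datadog = {
      source  = "DataDog/datadog"
      version = "3.6.0"
    }
  }
}

# Configure the Datadog provider
provider "datadog" {
  # Configuration options
  # var.datadog_api_key and var.datadog_app_key must be declared as variables;
  # pass the values in at run time rather than committing them to the repository
  api_key = var.datadog_api_key
  app_key = var.datadog_app_key
}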
ec2.tf
resource "datadog_monitor" "cpu" {
  name    = "cpu"
  type    = "metric alert"
  message = "CPU usage alert"
  query   = "avg(last_1m):avg:system.cpu.system{*} by {host} > 60"

  monitor_thresholds {
    critical = 60
  }
}
message.tf
# template_file is provided by the hashicorp/template provider
data "template_file" "message" {
  template = file("notify.tpl")
  vars = {
    slack_channel = var.slack_channel
    pd_service    = var.pd_service
  }
}
notify.tpl
# To Message
# Notified
@slack-${slack_channel} {{^is_recovery}} @pagerduty-${pd_service} {{/is_recovery}}
Related articles
Terraform ~ Environment setup ~
https://dk521123.hatenablog.com/entry/2023/04/05/000224
Terraform ~ Getting started ~
https://dk521123.hatenablog.com/entry/2019/12/09/222057
Terraform ~ Basics ~
https://dk521123.hatenablog.com/entry/2023/05/03/000000
Terraform ~ AWS IAM ~
https://dk521123.hatenablog.com/entry/2023/04/12/214311
datadog ~ Basic knowledge ~
https://dk521123.hatenablog.com/entry/2024/03/30/004746