Skip to content

docs(logs): Disable more tags enrichment when using private link #974

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
ViBiOh merged 1 commit into from
Jul 29, 2025
Merged

docs(logs): Disable more tags enrichment when using private link #974

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 5 additions & 2 deletions aws/logs_monitoring/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -305,7 +305,7 @@ You can run the Forwarder in a VPC private subnet and send data to Datadog over
3. When installing the Forwarder with the CloudFormation template:
1. Set `DdUseVPC` to `true`.
2. Set `VPCSecurityGroupIds` and `VPCSubnetIds` based on your VPC settings.
3. Set `DdFetchLambdaTags` to `false`, because AWS Resource Groups Tagging API doesn't support PrivateLink.
3. Set `DdFetchLambdaTags`, `DdFetchStepFunctionsTags` and `DdFetchS3Tags` to `false`, because AWS Resource Groups Tagging API doesn't support PrivateLink.

#### DdUsePrivateLink is deprecated

Expand All @@ -326,7 +326,7 @@ If you must deploy the Forwarder to a VPC without direct public internet access,
1. Unless the Forwarder is deployed to a public subnet, follow the [instructions][15] to add endpoints for Secrets Manager and S3 to the VPC, so that the Forwarder can access those services.
2. Update your proxy with following configurations ([HAProxy][17] or [NGINX][18]). If you are using another proxy, or Web Proxy, allowlist the Datadog domain, for example: `.{{< region-param key="dd_site" code="true" >}}`.
3. When installing the Forwarder with the CloudFormation template, set `DdUseVPC`, `VPCSecurityGroupIds`, and `VPCSubnetIds`.
4. Ensure the `DdFetchLambdaTags` option is disabled, because AWS VPC does not yet offer an endpoint for the Resource Groups Tagging API.
4. Ensure the `DdFetchLambdaTags`, `DdFetchStepFunctionsTags` and `DdFetchS3Tags` options are disabled, because AWS VPC does not yet offer an endpoint for the Resource Groups Tagging API.
5. If you are using HAProxy or NGINX:

- Set `DdApiUrl` to `http://<proxy_host>:3834` or `https://<proxy_host>:3834`.
Expand Down Expand Up @@ -456,6 +456,9 @@ To test different patterns against your logs, turn on [debug logs](#troubleshoot
`DdFetchStepFunctionsTags`
: Let the Forwarder fetch Step Functions tags using GetResources API calls and apply them to logs and traces (if Step Functions tracing is enabled). If set to true, permission `tag:GetResources` will be automatically added to the Lambda execution IAM role.

`DdFetchS3Tags`
: Let the Forwarder fetch S3 tags using GetResources API calls and apply them to logs and traces. If set to true, permission `tag:GetResources` will be automatically added to the Lambda execution IAM role.

`DdStepFunctionsTraceEnabled`
: Set to true to enable tracing for all Step Functions.

Expand Down
Loading