SaaS를 활용한 모니터링(Datadog) #2

구축방법

Datadog integration AWS infrastructure monitoring

사용자 AWS 계정에 datadog에서 사용한 iam role 생성 DatadogIntegretionRole

{
    "Version": "2012-10-17",
    "Statement": [
        "Effect": "Allow",
        "Principal": {
            "AWS": "arn:aws:iam::<my_id>"
        },
        "Action": "sts:AssumRole",
        "Condition": {
            "StringEquals": {
                "sts:ExternalId": "<YOUR_AWS_EXTERNAL_ID Integrations>"
            }
        }
    ]
}

권한

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "apigateway:GET",
        "autoscaling:Describe*",
        "backup:List*",
        "budgets:ViewBudget",
        "cloudfront:GetDistributionConfig",
        "cloudfront:ListDistributions",
        "cloudtrail:DescribeTrails",
        "cloudtrail:GetTrailStatus",
        "cloudtrail:LookupEvents",
        "cloudwatch:Describe*",
        "cloudwatch:Get*",
        "cloudwatch:List*",
        "codedeploy:List*",
        "codedeploy:BatchGet*",
        "directconnect:Describe*",
        "dynamodb:List*",
        "dynamodb:Describe*",
        "ec2:Describe*",
        "ec2:GetTransitGatewayPrefixListReferences",
        "ec2:SearchTransitGatewayRoutes",
        "ecs:Describe*",
        "ecs:List*",
        "elasticache:Describe*",
        "elasticache:List*",
        "elasticfilesystem:DescribeFileSystems",
        "elasticfilesystem:DescribeTags",
        "elasticfilesystem:DescribeAccessPoints",
        "elasticloadbalancing:Describe*",
        "elasticmapreduce:List*",
        "elasticmapreduce:Describe*",
        "es:ListTags",
        "es:ListDomainNames",
        "es:DescribeElasticsearchDomains",
        "events:CreateEventBus",
        "fsx:DescribeFileSystems",
        "fsx:ListTagsForResource",
        "health:DescribeEvents",
        "health:DescribeEventDetails",
        "health:DescribeAffectedEntities",
        "kinesis:List*",
        "kinesis:Describe*",
        "lambda:GetPolicy",
        "lambda:List*",
        "logs:DeleteSubscriptionFilter",
        "logs:DescribeLogGroups",
        "logs:DescribeLogStreams",
        "logs:DescribeSubscriptionFilters",
        "logs:FilterLogEvents",
        "logs:PutSubscriptionFilter",
        "logs:TestMetricFilter",
        "organizations:Describe*",
        "organizations:List*",
        "rds:Describe*",
        "rds:List*",
        "redshift:DescribeClusters",
        "redshift:DescribeLoggingStatus",
        "route53:List*",
        "s3:GetBucketLogging",
        "s3:GetBucketLocation",
        "s3:GetBucketNotification",
        "s3:GetBucketTagging",
        "s3:ListAllMyBuckets",
        "s3:PutBucketNotification",
        "ses:Get*",
        "sns:List*",
        "sns:Publish",
        "sqs:ListQueues",
        "states:ListStateMachines",
        "states:DescribeStateMachine",
        "support:DescribeTrustedAdvisor*",
        "support:RefreshTrustedAdvisorCheck",
        "tag:GetResources",
        "tag:GetTagKeys",
        "tag:GetTagValues",
        "xray:BatchGetTraces",
        "xray:GetTraceSummaries"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}

datadog에서는 해당 iam role을 사용하여 지정된 서비스 metrics 수집

Datadog Agent를 활용한 Application Performance Monitoring