[TON-466][TON-473] feat(aws_quickstart): forward CloudTrail resource update events to Datadog for agent installation #312
Merged: raymondeah merged 20 commits, May 29, 2026
Conversation
…main_extended and main_extended_workflow v4.10.0 (PR #306) added the InstrumentationResourceTypes parameter only to main_v2.yaml. main_extended.yaml and main_extended_workflow.yaml are the templates UI launches actually use going forward, so the parameter and the DatadogSite + InstrumentationResourceTypes passthrough to the role stack belong there too. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
38e7642 to 10db3d6
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
10db3d6 to a72d03c
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
a72d03c to ce20937
…t to main_workflow (drop main_extended) main_extended.yaml isn't on the UI launch path; revert there and apply to main_workflow.yaml instead. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…instrumenter-events intake Adds an EventBridge connection, API destination, invocation role, and EC2 CloudTrail rule as a new nested stack, conditionally deployed when InstrumentationResourceTypes is set. Single-region by design. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…tionResourceTypes; add EKS Add an EKS CloudTrail rule (CreateCluster, TagResource, UntagResource) and gate each rule on whether its UDM type appears in InstrumentationResourceTypes. Substring check is via Fn::Split / Fn::Join — CFN has no Conditions-level substring intrinsic. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…type EC2 CreateTags/DeleteTags are scoped to instances via resourcesSet item resourceId prefix "i-"; EKS TagResource/UntagResource are scoped to cluster ARNs via wildcard match. Creation events (RunInstances, CreateCluster) bypass the filter through EventBridge $or because their request payloads don't carry the filter field. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…4.11.0, changelog - Rename datadog_agent_install_forwarding.yaml to datadog_agent_resource_update_forwarding.yaml (the pipeline forwards resource update events; agent install is one consumer) - DatadogAgentInstallForwardingStack -> DatadogAgentResourceUpdateForwardingStack in main_v2.yaml - Bump version.txt to v4.11.0 + add 4.11.0 changelog entry - Revert README — leave matching current prod Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…ored comments Drop "instrumenter-events" from connection and rule descriptions, the main_v2 comment, and the changelog entry. Remove the explanatory comments I added under Conditions and Resources (substring-trick and $or rationale). The intake URL itself stays — it's the actual ApiDestination endpoint. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…gement" Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…ded and main_extended_workflow These two templates also need the InstrumentationResourceTypes parameter (originally added only to main_v2 in v4.10.0) plus the same gating, role-stack wiring, and conditional forwarding stack as main_v2. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…w (drop main_extended) main_extended.yaml isn't on the UI launch path; revert there and add the forwarding wiring to main_workflow.yaml alongside main_v2 and main_extended_workflow. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
ce20937 to c464a1b
…te events Extends the forwarding pipeline (4.12.0) to also forward EC2 ModifyInstanceAttribute and EKS UpdateClusterConfig / UpdateClusterVersion CloudTrail events. These represent queryable-field changes that affect Agent management rule evaluation but previously only reached Datadog via the hourly reconciler. Bumps to v4.13.0. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
…t-instrumentation-resource-types-to-extended # Conflicts: # aws_quickstart/CHANGELOG.md
…tion-resource-types-to-extended' into ray.eah/ton-466-agent-install-event-forwarding # Conflicts: # aws_quickstart/CHANGELOG.md # aws_quickstart/version.txt
…log to single entry - Remove ShouldForwardEvents condition and DatadogAgentResourceUpdateForwardingStack resource from main_v2.yaml. The template is deprecated and no longer the UI launch path; forwarding ships via main_workflow.yaml and main_extended_workflow.yaml. - Collapse the two staged CHANGELOG entries (forwarding pipeline + non-tag update events) into a single v4.13.0 entry; revert version.txt to v4.13.0. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
…n multiple regions IAM role names are account-global. With an explicit RoleName the second-region deploy of the same template fails with EntityAlreadyExists. Letting CloudFormation auto-generate the name lets customers deploy the integration in every region they want covered. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Author (Contributor): @codex review
Codex: To use Codex here, create a Codex account and connect to github.
Sergio-Na approved these changes on May 27, 2026
…nt-install-event-forwarding # Conflicts: # aws_quickstart/CHANGELOG.md # aws_quickstart/version.txt
What does this PR do?

When `InstrumentationResourceTypes` is non-empty in `main_workflow.yaml` or `main_extended_workflow.yaml`, deploys a nested `datadog_agent_resource_update_forwarding.yaml` stack with:

- `datadog-agent-resource-update-intake-connection`
- `datadog-agent-resource-update-intake-destination` at `https://api.${DatadogSite}/api/unstable/instrumenter/events`
- `events:InvokeApiDestination` permission
- `datadog-agent-resource-update-rule-ec2`, gated on `aws:ec2:instance` being specified in `InstrumentationResourceTypes`
- `datadog-agent-resource-update-rule-eks`, gated on `aws:eks:cluster` being specified in `InstrumentationResourceTypes`

Motivation

The Datadog Agent management feature needs near-real-time signal when EC2 instances and EKS clusters are created, tagged, or reconfigured.

Testing Guidelines

- `InstrumentationResourceTypes` parameter is exposed in the CFN console and the nested forwarding stack deploys when set.
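The following CloudFormation template is an added example, not the project's own `datadog_agent_resource_update_forwarding.yaml`. It shows the shape of the nested stack the PR description and commit messages describe: a Conditions-level substring check built from `Fn::Split` / `Fn::Join` (CloudFormation has no substring intrinsic), an EventBridge connection and API destination pointing at the intake URL, an invocation role without a fixed `RoleName` so the same template deploys in several regions, and per-type CloudTrail rules that use `$or` so creation events bypass the resource filter that scopes tag events. Resource names, the intake URL, the event names and the filter shapes (`resourcesSet` item `resourceId` prefix `i-`, EKS cluster ARN wildcard) come from this page; the API-key connection auth (`DD-API-KEY` header, `DatadogApiKey` parameter), the logical resource ids, and the placement of `ModifyInstanceAttribute` / `UpdateClusterConfig` / `UpdateClusterVersion` in the unfiltered `$or` branch are assumptions made for the example.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added example only; not the project's forwarding template.

Parameters:
  DatadogSite:
    Type: String
    Default: datadoghq.com
  DatadogApiKey:            # assumption: the connection authenticates with an API key
    Type: String
    NoEcho: true
  InstrumentationResourceTypes:
    Type: String
    Default: ""
    Description: Comma-separated UDM types, e.g. "aws:ec2:instance,aws:eks:cluster"

Conditions:
  # Substring test without a substring intrinsic: splitting on the needle and
  # re-joining with "" changes the string only if the needle was present.
  ForwardEc2: !Not
    - !Equals
      - !Join ["", !Split ["aws:ec2:instance", !Ref InstrumentationResourceTypes]]
      - !Ref InstrumentationResourceTypes
  ForwardEks: !Not
    - !Equals
      - !Join ["", !Split ["aws:eks:cluster", !Ref InstrumentationResourceTypes]]
      - !Ref InstrumentationResourceTypes

Resources:
  IntakeConnection:
    Type: AWS::Events::Connection
    Properties:
      Name: datadog-agent-resource-update-intake-connection
      AuthorizationType: API_KEY
      AuthParameters:
        ApiKeyAuthParameters:
          ApiKeyName: DD-API-KEY          # assumption: Datadog API key header
          ApiKeyValue: !Ref DatadogApiKey

  IntakeDestination:
    Type: AWS::Events::ApiDestination
    Properties:
      Name: datadog-agent-resource-update-intake-destination
      ConnectionArn: !GetAtt IntakeConnection.Arn
      HttpMethod: POST
      InvocationEndpoint: !Sub https://api.${DatadogSite}/api/unstable/instrumenter/events

  # No RoleName: IAM role names are account-global, so a fixed name fails with
  # EntityAlreadyExists when the template is deployed in a second region.
  InvocationRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal: { Service: events.amazonaws.com }
            Action: sts:AssumeRole
      Policies:
        - PolicyName: invoke-intake-destination
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action: events:InvokeApiDestination
                Resource: !GetAtt IntakeDestination.Arn   # least privilege: this destination only

  Ec2Rule:
    Type: AWS::Events::Rule
    Condition: ForwardEc2
    Properties:
      Name: datadog-agent-resource-update-rule-ec2
      EventPattern:
        source: [aws.ec2]
        detail-type: [AWS API Call via CloudTrail]
        detail:
          eventSource: [ec2.amazonaws.com]
          # $or: RunInstances (and, by assumption, ModifyInstanceAttribute) carry no
          # resourcesSet, so they bypass the "i-" filter that scopes tag events to instances.
          "$or":
            - eventName: [RunInstances, ModifyInstanceAttribute]
            - eventName: [CreateTags, DeleteTags]
              requestParameters:
                resourcesSet:
                  items:
                    resourceId:
                      - prefix: i-
      Targets:
        - Id: datadog-intake
          Arn: !GetAtt IntakeDestination.Arn
          RoleArn: !GetAtt InvocationRole.Arn

  EksRule:
    Type: AWS::Events::Rule
    Condition: ForwardEks
    Properties:
      Name: datadog-agent-resource-update-rule-eks
      EventPattern:
        source: [aws.eks]
        detail-type: [AWS API Call via CloudTrail]
        detail:
          eventSource: [eks.amazonaws.com]
          "$or":
            - eventName: [CreateCluster, UpdateClusterConfig, UpdateClusterVersion]
            - eventName: [TagResource, UntagResource]
              requestParameters:
                resourceArn:
                  - wildcard: "arn:aws:eks:*:*:cluster/*"   # only cluster ARNs, not nodegroups etc.
      Targets:
        - Id: datadog-intake
          Arn: !GetAtt IntakeDestination.Arn
          RoleArn: !GetAtt InvocationRole.Arn
```

Deploying with `InstrumentationResourceTypes=aws:ec2:instance` creates only the EC2 rule; an empty value creates neither rule, which is the behaviour the PR description expects from the nested stack. The stack is single-region by design, so it has to be deployed in every region whose CloudTrail events should be forwarded, which is why the invocation role must not carry a fixed name.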