-
Notifications
You must be signed in to change notification settings - Fork 395
AWS Forwarder v5 #1010
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
Merged
AWS Forwarder v5 #1010
Changes from all commits
Commits
Show all changes
18 commits
Select commit
Hold shift + click to select a range
4df1098
refactor(aws)!: AWSX-1703 Change matching of regex. Previously done a…
ViBiOh a9301a9
feat(aws)!: Drop deprecated TCP support (#1000)
ViBiOh b3342fc
feat(aws)!: Remove deprecated PrivateLink env variable (#1002)
ViBiOh f7fb1e1
docs(aws): Removing JSON explanation in the include at match document…
ViBiOh 7a39141
Add environment variable to support backend storage tag enrichment (#…
ViBiOh 14e7d11
fix(aws): Fixing discrepancies of the fetch configuration between clo…
ViBiOh b50198d
feat: Add a changelog for the v5 (#1009)
ViBiOh 9e5b3f4
Update aws/logs_monitoring/CHANGELOG.md
ViBiOh 84a369c
Update aws/logs_monitoring/CHANGELOG.md
ViBiOh 4899a4c
Update aws/logs_monitoring/CHANGELOG.md
ViBiOh f2d2298
Update aws/logs_monitoring/CHANGELOG.md
ViBiOh 6121a28
Update aws/logs_monitoring/CHANGELOG.md
ViBiOh df4d09c
docs: Updating changelog from comments
ViBiOh 8edda81
fixup! docs: Updating changelog from comments
ViBiOh 2356c4e
Add reference to the changelog in README (for public doc) (#1011)
ViBiOh 2712e51
refactor: Improve error handling for exception (#1012)
ViBiOh 58ce3b7
Update aws/logs_monitoring/lambda_function.py
ViBiOh 1220669
fixup! Update aws/logs_monitoring/lambda_function.py
ViBiOh File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,120 @@ | ||
| # Datadog Lambda Forwarder Changelog | ||
|
|
||
| ## v5.0.0 - BREAKING CHANGES | ||
|
|
||
| ### Overview | ||
|
|
||
| Version 5.0.0 of the Datadog Lambda Forwarder introduces several breaking changes that remove deprecated features and improve log filtering behavior. This release introduces a new way to enrich logs with tags that will reduce AWS Lambda related cost (S3, KMS and Lambda). | ||
|
|
||
| ### New Features | ||
|
|
||
| #### 1. Backend Storage Tag Enrichment | ||
|
|
||
| **Added:** | ||
|
|
||
| - New `DD_ENRICH_S3_TAGS` / `DdEnrichS3Tags` parameter (default: `true`) | ||
| - New `DD_ENRICH_CLOUDWATCH_TAGS` / `DdEnrichCloudwatchTags` parameter (default: `true`) | ||
| - These instruct the Datadog backend to automatically enrich logs with resource tags **after ingestion** | ||
| - New cloudwatch tags can appear on logs, check your Datadog log index configuration to ensure smooth transition. | ||
|
|
||
| **Benefits:** | ||
|
|
||
| - **Reduces forwarder cost** and execution time | ||
| - Provides the same tag enrichment as `DdFetchS3Tags` and `DdFetchLogGroupTags` | ||
| - Requires [Resource Collection](https://docs.datadoghq.com/integrations/amazon-web-services/#resource-collection) enabled in your AWS integration | ||
|
|
||
| **Deprecation Notice:** | ||
|
|
||
| - `DdFetchS3Tags` is now marked as **DEPRECATED** in favor of `DdEnrichS3Tags` | ||
| - `DdFetchLogGroupTags` is now marked as **DEPRECATED** in favor of `DdEnrichCloudwatchTags` | ||
| - `DD_FETCH_S3_TAGS` now defaults to `false` (previously `true`) | ||
|
|
||
| --- | ||
|
|
||
| ### Breaking Changes | ||
|
|
||
| #### 1. Changed Regex Matching Behavior for Log Filtering | ||
|
|
||
| **What Changed:** | ||
|
|
||
| - `IncludeAtMatch` / `INCLUDE_AT_MATCH` and `ExcludeAtMatch` / `EXCLUDE_AT_MATCH` regex patterns now match **only against the log message** itself | ||
| - Previously, these patterns matched against the **entire JSON-formatted log** | ||
|
|
||
| **Migration Required:** | ||
|
|
||
| - **Review and update filtering regex patterns** | ||
| - If your patterns relied on matching against JSON structure or metadata fields, they will need to be rewritten | ||
| - Example changes needed: | ||
| - **Before (v4)**: `\"awsRegion\":\"us-east-1\"` (matched JSON with escaped quotes) | ||
| - **After (v5)**: `"awsRegion":"us-east-1"` (matches the message content directly) | ||
| - Patterns that matched the `message` field content should continue to work with minimal changes | ||
|
|
||
| --- | ||
|
|
||
| #### 2. Removed TCP Transport Support | ||
|
|
||
| **What Changed:** | ||
|
|
||
| - Removed the `DD_USE_TCP` / `DdUseTcp` environment variable and parameter | ||
| - Deleted the TCP client implementation | ||
| - All logs now **must** be sent via HTTP/HTTPS | ||
|
|
||
| **Migration Required:** | ||
|
|
||
| - Remove any configuration setting `DD_USE_TCP=true` or `DdUseTcp=true` | ||
| - The forwarder will now exclusively use HTTP protocol | ||
| - If you were using TCP with custom ports (10516), these configurations will be ignored | ||
| - The default HTTP endpoint is now `http-intake.logs.<DD_SITE>` on port 443 | ||
|
|
||
| --- | ||
|
|
||
| #### 3. Removed Deprecated PrivateLink Environment Variable | ||
|
|
||
| **What Changed:** | ||
|
|
||
| - Removed the `DD_USE_PRIVATE_LINK` / `DdUsePrivateLink` environment variable and parameter | ||
|
|
||
| **Migration Required:** | ||
|
|
||
| - Remove any configuration setting `DD_USE_PRIVATE_LINK=true` | ||
| - **AWS PrivateLink is still fully supported**, follow [PrivateLink documentation](https://docs.datadoghq.com/agent/guide/private-link/) for more information about the setup: | ||
| 1. Set up VPC endpoints for `api`, `http-logs.intake`, and `trace.agent` as documented | ||
| 2. Configure the forwarder with `DdUseVPC=true` | ||
| 3. Set `VPCSecurityGroupIds` and `VPCSubnetIds` | ||
|
|
||
| **Why This Changed:** | ||
|
|
||
| - The variable was previously deprecated but not removed from past versions. | ||
|
|
||
| --- | ||
|
|
||
| ### Upgrade Instructions | ||
|
|
||
| Follow Datadog's official [documentation](https://docs.datadoghq.com/logs/guide/forwarder/?tab=cloudformation#upgrade-to-a-new-version) for upgrading Lambda Forwarder. | ||
|
|
||
| #### Pre-Upgrade Checklist | ||
|
|
||
| 1. **Verify that TCP transport is not used:** | ||
|
|
||
| ```bash | ||
| aws lambda get-function-configuration --function-name "<YOUR_FORWARDER>" --query 'Environment.Variables.DD_USE_TCP' | ||
| ``` | ||
|
|
||
| 2. **Verify that deprecated PrivateLink variable is not used:** | ||
|
|
||
| ```bash | ||
| aws lambda get-function-configuration --function-name "<YOUR_FORWARDER>" --query 'Environment.Variables.DD_USE_PRIVATE_LINK' | ||
| ``` | ||
|
|
||
| 3. **Review log filtering patterns:** | ||
| - When using `IncludeAtMatch` or `ExcludeAtMatch`, test the patterns against log messages only | ||
| - Remove any JSON escaping (e.g., `\"` → `"`) | ||
|
|
||
| #### Testing | ||
|
|
||
| After upgrading: | ||
|
|
||
| 1. Verify logs are being forwarded to Datadog | ||
| 2. Check that filtering rules still work as expected | ||
| 3. Confirm tag enrichment is working (check logs in Datadog Explorer) | ||
| 4. Monitor forwarder execution duration and errors in CloudWatch | ||
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
TCP (transport) doesn't relate to HTTP/HTTPs (application) maybe we should also clarify that logs are sent to a different intake as well?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's a different intake than the direct TCP intake yes, but it was an internal configuration depending on the DD_SITE and it was not configurable.