From dd175452f5198bd552e0bf8d7e005d66ff0c7ec0 Mon Sep 17 00:00:00 2001 From: Nicolas Hinsch Date: Thu, 6 Aug 2020 17:39:05 -0400 Subject: [PATCH 1/4] Clarify PrivateLink Endpoints in README Several customers have been confused by the need to set up PrivateLink endpoints for both the API and the logs intake. This also threw me off when I set up the Forwarder in a VPC. --- aws/logs_monitoring/README.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/aws/logs_monitoring/README.md b/aws/logs_monitoring/README.md index 22366201e..1d526efac 100644 --- a/aws/logs_monitoring/README.md +++ b/aws/logs_monitoring/README.md 
@@ -100,15 +100,16 @@ If you can't install the Forwarder using the provided CloudFormation template, y ## AWS PrivateLink Support -Configure the Forwarder using AWS PrivateLink to run in a VPC. +You can run the Forwarder in a VPC by using AWS PrivateLink. -1. Follow the [setup instructions](https://docs.datadoghq.com/agent/guide/private-link/?tab=logs#create-your-vpc-endpoint) for adding Datadog's endpoints to your VPC. +1. Follow the [setup instructions](https://docs.datadoghq.com/agent/guide/private-link/?tab=logs#create-your-vpc-endpoint) for adding Datadog's endpoints to your VPC. **Be sure to add endpoints for both the Datadog API and for Logs.** 2. By default, the Forwarder's API key is stored in the Secrets Manager. The secrets manager endpoint needs to be added to the VPC. You can follow the instructions [here for adding AWS services to a VPC](https://docs.aws.amazon.com/vpc/latest/userguide/vpce-interface.html#create-interface-endpoint). 3. When in installing the Forwarder with the CloudFormation template, enable 'DdUsePrivateLink' and set at least one Subnet Id and Security Group. ### AWS PrivateLink Limitations -Currently, AWS PrivateLink can only be configured with Datadog organizations in the Datadog US region. Trace forwarding is also unsupported. +* AWS PrivateLink can only be configured with Datadog organizations in the Datadog US region. +* Trace forwarding is currently unsupported via AWS PrivateLink. ## Troubleshooting From 985db07ab3c8cb6947f3c48c4d162f7d9718f1c5 Mon Sep 17 00:00:00 2001 From: Nicolas Hinsch Date: Thu, 6 Aug 2020 17:46:47 -0400 Subject: [PATCH 2/4] Update README.md --- aws/logs_monitoring/README.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/aws/logs_monitoring/README.md b/aws/logs_monitoring/README.md index 1d526efac..361684e74 100644 --- a/aws/logs_monitoring/README.md +++ b/aws/logs_monitoring/README.md 
@@ -102,9 +102,10 @@ If you can't install the Forwarder using the provided CloudFormation template, y You can run the Forwarder in a VPC by using AWS PrivateLink. -1. Follow the [setup instructions](https://docs.datadoghq.com/agent/guide/private-link/?tab=logs#create-your-vpc-endpoint) for adding Datadog's endpoints to your VPC. **Be sure to add endpoints for both the Datadog API and for Logs.** -2. By default, the Forwarder's API key is stored in the Secrets Manager. The secrets manager endpoint needs to be added to the VPC. You can follow the instructions [here for adding AWS services to a VPC](https://docs.aws.amazon.com/vpc/latest/userguide/vpce-interface.html#create-interface-endpoint). -3. When in installing the Forwarder with the CloudFormation template, enable 'DdUsePrivateLink' and set at least one Subnet Id and Security Group. +1. Follow the [setup instructions](https://docs.datadoghq.com/agent/guide/private-link/?tab=logs#create-your-vpc-endpoint) for adding Datadog's **API** endpoint to your VPC. +1. Follow the [same procedure](https://docs.datadoghq.com/agent/guide/private-link/?tab=logs#create-your-vpc-endpoint) to add Datadog's **Logs** endpoint to your VPC. +1. By default, the Forwarder's API key is stored in the Secrets Manager. The secrets manager endpoint needs to be added to the VPC. You can follow the instructions [here for adding AWS services to a VPC](https://docs.aws.amazon.com/vpc/latest/userguide/vpce-interface.html#create-interface-endpoint). +1. When in installing the Forwarder with the CloudFormation template, enable 'DdUsePrivateLink' and set at least one Subnet Id and Security Group. ### AWS PrivateLink Limitations From c9f708b403e36a672a197d94c31fe5886fb2b9ee Mon Sep 17 00:00:00 2001 From: Nicolas Hinsch Date: Thu, 6 Aug 2020 17:47:51 -0400 Subject: [PATCH 3/4] Fix typo --- aws/logs_monitoring/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/aws/logs_monitoring/README.md b/aws/logs_monitoring/README.md index 361684e74..a94c21bf5 100644 --- a/aws/logs_monitoring/README.md +++ b/aws/logs_monitoring/README.md @@ -105,7 +105,7 @@ You can run the Forwarder in a VPC by using AWS PrivateLink. 1. Follow the [setup instructions](https://docs.datadoghq.com/agent/guide/private-link/?tab=logs#create-your-vpc-endpoint) for adding Datadog's **API** endpoint to your VPC. 1. Follow the [same procedure](https://docs.datadoghq.com/agent/guide/private-link/?tab=logs#create-your-vpc-endpoint) to add Datadog's **Logs** endpoint to your VPC. 1. By default, the Forwarder's API key is stored in the Secrets Manager. The secrets manager endpoint needs to be added to the VPC. You can follow the instructions [here for adding AWS services to a VPC](https://docs.aws.amazon.com/vpc/latest/userguide/vpce-interface.html#create-interface-endpoint). -1. When in installing the Forwarder with the CloudFormation template, enable 'DdUsePrivateLink' and set at least one Subnet Id and Security Group. +1. When installing the Forwarder with the CloudFormation template, enable 'DdUsePrivateLink' and set at least one Subnet Id and Security Group. ### AWS PrivateLink Limitations From 5c96a8e115125642b0801b990b4c3d495e789706 Mon Sep 17 00:00:00 2001 From: Nicolas Hinsch Date: Thu, 6 Aug 2020 18:02:48 -0400 Subject: [PATCH 4/4] Use numbers --- aws/logs_monitoring/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/aws/logs_monitoring/README.md b/aws/logs_monitoring/README.md index a94c21bf5..5d21865a3 100644 --- a/aws/logs_monitoring/README.md +++ b/aws/logs_monitoring/README.md 
@@ -103,9 +103,9 @@ If you can't install the Forwarder using the provided CloudFormation template, y You can run the Forwarder in a VPC by using AWS PrivateLink. 1. Follow the [setup instructions](https://docs.datadoghq.com/agent/guide/private-link/?tab=logs#create-your-vpc-endpoint) for adding Datadog's **API** endpoint to your VPC. -1. Follow the [same procedure](https://docs.datadoghq.com/agent/guide/private-link/?tab=logs#create-your-vpc-endpoint) to add Datadog's **Logs** endpoint to your VPC. -1. By default, the Forwarder's API key is stored in the Secrets Manager. The secrets manager endpoint needs to be added to the VPC. You can follow the instructions [here for adding AWS services to a VPC](https://docs.aws.amazon.com/vpc/latest/userguide/vpce-interface.html#create-interface-endpoint). -1. When installing the Forwarder with the CloudFormation template, enable 'DdUsePrivateLink' and set at least one Subnet Id and Security Group. +2. Follow the [same procedure](https://docs.datadoghq.com/agent/guide/private-link/?tab=logs#create-your-vpc-endpoint) to add Datadog's **Logs** endpoint to your VPC. +3. By default, the Forwarder's API key is stored in the Secrets Manager. The secrets manager endpoint needs to be added to the VPC. You can follow the instructions [here for adding AWS services to a VPC](https://docs.aws.amazon.com/vpc/latest/userguide/vpce-interface.html#create-interface-endpoint). +4. When installing the Forwarder with the CloudFormation template, enable 'DdUsePrivateLink' and set at least one Subnet Id and Security Group. ### AWS PrivateLink Limitations
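Review bot: In [PATCH 1/4], the first bullet under "AWS PrivateLink Limitations" drops the "Currently," that the removed sentence carried, while the second bullet keeps "currently", so the US-region restriction now reads as permanent and the trace-forwarding one as temporary. If both are limitations of the present release, either keep the qualifier on both bullets or move it into a short lead-in line above the list.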
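Review bot: In [PATCH 2/4], the new step 1 for the **API** endpoint links to the same URL as the **Logs** step, including `?tab=logs#create-your-vpc-endpoint`, so a reader following step 1 is sent to the Logs tab of the guide. Since the stated goal of the series is to stop people from setting up only one of the two endpoints, please check where the step 1 link lands and point it at the API instructions, or say in the step which part of the linked page to follow. The subject "Update README.md" also gives no hint of this split; something like "Split PrivateLink setup into separate API and Logs steps" would make the history easier to read.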
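Review bot: In [PATCH 3/4], the corrected last step still says only "set at least one Subnet Id and Security Group" and does not state what that security group has to allow. Steps 1 to 3 have the reader add three endpoints (Datadog API, Datadog Logs, Secrets Manager), so it would help to say here that the chosen security group and subnets must let the Forwarder reach all three, otherwise the setup can look complete and still fail. While touching this line, consider code formatting for the parameter name instead of the straight quotes around 'DdUsePrivateLink'. The one-word fix itself could be squashed into 2/4, which rewrote the same line with the typo still in it.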
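Review bot: In [PATCH 4/4], the renumbered step 3 still mixes "the Secrets Manager" and "The secrets manager endpoint" in consecutive sentences, and the link text starts with "here". Suggest naming the service once and consistently (for example "AWS Secrets Manager") and using descriptive link text such as "adding AWS services to a VPC". This patch also only reverts the "1." numbering introduced in 2/4, so the two could be squashed before merging.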