DataDog · buraizu · Nov 8, 2025 · Nov 5, 2025 · Nov 5, 2025 · Nov 5, 2025
@@ -3692,6 +3692,27 @@ menu:
       parent: network_path
       identifier: network_path_guides
       weight: 504
+    - name: Storage Management
+      url: /infrastructure/storage_management/
+      pre: file-wui
+      identifier: storage_management
+      parent: infrastructure_heading
+      weight: 90000
+    - name: Amazon S3
+      url: /infrastructure/storage_management/amazon_s3/
+      parent: storage_management
+      identifier: storage_management_amazon_s3
+      weight: 1
+    - name: Google Cloud Storage
+      url: /infrastructure/storage_management/google_cloud_storage/
+      parent: storage_management
+      identifier: storage_management_google_cloud_storage
+      weight: 2
+    - name: Azure Blob Storage
+      url: /infrastructure/storage_management/azure_blob_storage/
+      parent: storage_management
+      identifier: storage_management_azure_blob_storage
+      weight: 3
     - name: Cloud Cost
       url: cloud_cost_management/
       identifier: cloud_cost

@@ -0,0 +1,28 @@
+---
+title: Storage Management
+further_reading:
+    - link: "https://www.datadoghq.com/blog/datadog-storage-monitoring/"
+      tag: "Blog"
+      text: "Optimize and troubleshoot cloud storage at scale with Storage Monitoring"
+    - link: "https://www.datadoghq.com/blog/storage-monitoring-recommendations/"
+      tag: "Blog"
+      text: "Reduce cloud storage costs and improve operational efficiency with Datadog Storage Monitoring"
+aliases:
+    - /integrations/guide/storage-monitoring-setup
+---
+
+## Overview
+
+Storage Management for Amazon S3, Google Cloud Storage, and Azure Blob Storage provides deep, prefix-level analytics to help you understand exactly how your storage is being used. With Storage Management you can:
+- **Pinpoint where spend is coming from in your bucket**: Break storage cost to the prefix so you know which workloads, teams, or environments drive growth.
+- **Identify cold data**: Spot buckets with rarely accessed prefixes, and move cold data to lower-cost tiers.
+- **Tune retention and lifecycle rules with data**: Read/write and age metrics show when objects were last used, so you can shift unused prefixes to Glacier, Intelligent-Tiering, and other low-cost classes.
+- **Monitor data freshness**: Age metrics show how recently each prefix was updated, so you can confirm that backups and other time-sensitive data are landing in prefixes when they should.
+
+You can access Storage Management in Datadog by navigating to **Infrastructure** > [**Storage Management**][1].
+
+Use the guides below to set up Storage Management in Datadog for your cloud storage service.
+
+{{< partial name="cloud_storage_monitoring/storage-monitoring-setup.html" >}}
+
+[1]: https://app.datadoghq.com/storage-management
@@ -0,0 +1,89 @@
+---
+title: Storage Management for Microsoft Azure Blob Storage
+further_reading:
+    - link: "https://www.datadoghq.com/blog/datadog-storage-monitoring/"
+      tag: "Blog"
+      text: "Optimize and troubleshoot cloud storage at scale with Storage Monitoring"
+    - link: "https://www.datadoghq.com/blog/storage-monitoring-recommendations/"
+      tag: "Blog"
+      text: "Reduce cloud storage costs and improve operational efficiency with Datadog Storage Monitoring"
+---
+
+{{< callout url="https://www.datadoghq.com/product-preview/storage-monitoring/" >}}
+  Storage Management is in Preview. Request access to start monitoring your object storage.
+{{< /callout >}}
+
+## Setup
+
+{{< tabs >}}
+{{% tab "Azure CLI" %}}
+
+Enable inventories for the selected storage accounts in each subscription by running the following script in your [Azure Cloud Shell][301]:
+
+```shell
+curl https://datadogstoragemonitoring.blob.core.windows.net/scripts/install.sh \
+  | bash -s -- <CLIENT_ID> <SUBSCRIPTION_ID> <COMMA_SEPARATED_STORAGE_ACCOUNT_NAMES>
+```
+
+Before running the script, set your [shell environment][302] to Bash and replace the various placeholder inputs with the correct values:
+- `<CLIENT_ID>`: The client ID of an App Registration already set up using the [Datadog Azure integration][302]
+- `<SUBSCRIPTION_ID>`: The subscription ID of the Azure subscription containing the storage accounts
+- `<COMMA_SEPARATED_STORAGE_ACCOUNT_NAMES>`: A comma-separated list of the storage accounts you want to monitor (for example, `storageaccount1,storageaccount2`)
+
+[301]: https://shell.azure.com
+[302]: /integrations/azure/#setup
+[303]: https://learn.microsoft.com/en-us/azure/cloud-shell/get-started/classic?tabs=azurecli#select-your-shell-environment
+{{% /tab %}}
+
+{{% tab "Azure Portal" %}}
+
+For Each Storage Account you wish to monitor, follow all of the steps here:
+
+### Create a blob inventory policy
+1. In the Azure portal, navigate to your Storage Account.
+2. Go to **Data management** > **Blob inventory**.
+3. Click **Add**.
+4. Configure the policy:
+   - Name: **datadog-storage-monitoring**
+   - Destination container:
+      - Click **Create new**, and enter the name `datadog-storage-monitoring`.
+   - Object type to inventory: **Blob**
+   - Schedule: **Daily**
+   - Blob types: Select **Block blobs**, **Append blobs**, and **Page blobs**.
+   - Subtypes: Select **Include blob versions**
+   - Schema fields: Select All, or ensure that at least the following are selected:
+      - **Name**
+      - **Access tier**
+      - **Last modified**
+      - **Content length**
+      - **Server encrypted**
+      - **Current version status**
+      - **Version ID**
+   - Exclude prefix: datadog-storage-monitoring
+5. Click **Add**.
+
+### Add the role assignment
+1. In the Azure portal, navigate to your Storage Account.
+2. Go to **Data storage** > **Containers**.
+3. Click on the **datadog-storage-monitoring** container.
+4. Click on **Access control (IAM)** in the left-hand menu.
+5. Click **Add** > **Add role assignment**.
+6. Fill out the role assignment:
+    - Role: Select **Storage Blob Data Reader**. Click **Next**.
+    - Assign access to: **User, group, or service principal**.
+    - Members: Click **+ Select members** and search for your App Registration by its name and select it.
+    - **Note**: This should be an App Registration set up in the Datadog Azure integration. Keep in mind the Client ID for later.
+7.  Click **Review + assign**.
+
+{{% /tab %}}
+{{< /tabs >}}
+
+### Post-Installation
+
+After you finish with the above steps, fill out the [post-setup form][1].
+
+## Further reading
+
+{{< partial name="whats-next/whats-next.html" >}}
+
+[1]: https://forms.gle/WXFbGyBwWfEo3gbM7
@@ -0,0 +1,210 @@
+---
+title: Storage Management for Google Cloud Storage
+further_reading:
+    - link: "https://www.datadoghq.com/blog/datadog-storage-monitoring/"
+      tag: "Blog"
+      text: "Optimize and troubleshoot cloud storage at scale with Storage Monitoring"
+    - link: "https://www.datadoghq.com/blog/storage-monitoring-recommendations/"
+      tag: "Blog"
+      text: "Reduce cloud storage costs and improve operational efficiency with Datadog Storage Monitoring"
+---
+
+{{< callout url="https://www.datadoghq.com/product-preview/storage-monitoring/" >}}
+  Storage Management is in Preview. Request access to start monitoring your object storage.
+{{< /callout >}}
+
+## Setup
+
+### Step 1: Install the Google Cloud integration and enable resource collection
+
+To collect Google Cloud Storage metrics from your Google Cloud project, install the Google Cloud integration in Datadog. Enable Resource Collection for the project containing the buckets you want to monitor. Resource Collection allows Datadog to associate your buckets' labels with the metrics collected through Storage Management.
+
+**Note**: While you can disable specific metric namespaces, keep the Cloud Storage namespace (gcp.storage) enabled.
+
+### Step 2: Enable the Storage Insights API
+
+Enable the [Storage Insights][2] API in your Google Cloud project.
+
+### Step 3: Grant service agent permissions
+
+After enabling the Storage Insights API, a project-level service agent is created automatically with the following format: `service-PROJECT_NUMBER@gcp-sa-storageinsights.iam.gserviceaccount.com`
+
+The service agent requires these IAM roles:
+
+1. `roles/storage.insightsCollectorService` on the source bucket (includes storage.buckets.getObjectInsights and storage.buckets.get permissions)
+2. `roles/storage.objectCreator` on the destination bucket (includes the storage.objects.create permission)
+
+### Step 4: Create an inventory report configuration
+
+You can create an inventory report configuration in multiple ways. The quickest methods use the Google Cloud CLI or Terraform templates. Regardless of the method, ensure the configuration:
+
+1. Includes these metadata fields: `"bucket", "name", "project", "size", "updated", "storageClass"`
+2. Generates CSV reports with `'\n'` as the delimiter and `','` as the separator
+3. Uses this destination path format: `<BUCKET>/{{date}}`, where `<BUCKET>` is the monitored bucket-name
+
+{{< tabs >}}
+{{% tab "Google Cloud CLI" %}}
+
+Use the [Google Cloud CLI][301] to run the following command:
+
+```
+gcloud storage insights inventory-reports create <SOURCE_BUCKET_URL> \
+  --no-csv-header \
+  --display-name=datadog-storage-monitoring \
+  --destination=gs://<DESTINATION_BUCKET>/<SOURCE_BUCKET>/{{date}}> \
+  --metadata-fields=project,bucket,name,size,updated,storageClass \
+  --schedule-starts=<YYYY-MM-DD> \
+  --schedule-repeats=<DAILY|WEEKLY> \
+  --schedule-repeats-until=<YYYY-MM-DD>
+```
+
+[301]: https://cloud.google.com/storage/docs/insights/using-inventory-reports#create-config-cli
+
+{{% /tab %}}
+{{% tab "Terraform" %}}
+
+Copy the following Terraform template, substitute the necessary arguments, and apply it in the Google Cloud project that contains your bucket.
+
+<!-- vale off -->
+{{% collapse-content title="Terraform configuration for inventory reports" level="h4" expanded=true %}}
+
+```hcl
+locals {
+  source_bucket      = "" # The name of the bucket you want to monitor
+  destination_bucket = "" # The bucket where inventory reports are written
+  frequency          = "" # Possible values: Daily, Weekly (report generation frequency)
+  location           = "" # The location of your source and destination buckets
+}
+
+data "google_project" "project" {
+}
+
+resource "google_storage_insights_report_config" "config" {
+  display_name = "datadog-storage-monitoring"
+  location     = local.location
+  frequency_options {
+    frequency = local.frequency
+    start_date {
+      day   = "" # Fill in the day
+      month = "" # Fill in the month
+      year  = "" # Fill in the year
+    }
+    end_date {
+      day   = "" # Fill in the day
+      month = "" # Fill in the month
+      year  = "" # Fill in the year
+    }
+  }
+  csv_options {
+    record_separator = "\n"
+    delimiter        = ","
+    header_required  = false
+  }
+  object_metadata_report_options {
+    metadata_fields = ["bucket", "name", "project", "size", "updated", "storageClass"]
+    storage_filters {
+      bucket = local.source_bucket
+    }
+    storage_destination_options {
+      bucket           = google_storage_bucket.report_bucket.name
+      destination_path = "${local.source_bucket}/{{date}}"
+    }
+  }
+
+  depends_on = [
+    google_storage_bucket_iam_member.admin
+  ]
+}
+
+resource "google_storage_bucket" "report_bucket" {
+  name                        = local.destination_bucket
+  location                    = local.location
+  force_destroy               = true
+  uniform_bucket_level_access = true
+}
+
+resource "google_storage_bucket_iam_member" "admin" {
+  bucket = google_storage_bucket.report_bucket.name
+  role   = "roles/storage.admin"
+  member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-storageinsights.iam.gserviceaccount.com"
+}
+```
+
+{{% /collapse-content %}}
+<!-- vale on -->
+
+{{% /tab %}}
+{{% tab "Allow Datadog to create the configuration on your behalf" %}}
+
+You can allow Datadog to handle the inventory report configuration by providing the proper permissions to your service account:
+
+1. Navigate to IAM & Admin -> Service accounts
+2. Find your Datadog service account and add the `roles/storageinsights.Admin` role
+3. Navigate to the source bucket you want to monitor and grant these permissions:
+   - `roles/storage.insightsCollectorService`
+   - `roles/storage.ObjectViewer`
+4. Navigate to the destination bucket and grant these permissions:
+   - `roles/storage.objectCreator`
+   - `roles/storage.insightsCollectorService`
+
+Alternatively, you can create a custom role specifically for Datadog with these required permissions:
+
+```
+storage.buckets.get
+storage.objects.list
+storage.buckets.getObjectInsights
+storage.buckets.get
+storage.objects.create
+storageinsights.reportConfigs.get
+storageinsights.reportConfigs.create
+storageinsights.reportConfigs.list
+storageinsights.reportConfigs.update
+storage.objects.get
+storageinsights.reportDetails.get
+storageinsights.reportDetails.list
+```
+
+After granting the necessary permissions, Datadog can create the inventory report configuration with your setup details.
+
+{{% /tab %}}
+{{< /tabs >}}
+
+### Step 5: Add the Storage Object Viewer role to your Datadog service account
+
+Grant Datadog permission to access and extract the generated inventory reports from Google. This permission should be on the destination bucket where the inventory reports are stored.
+
+1. Select the destination bucket for your inventory reports
+2. In the bucket details page, click the Permissions tab
+3. Under Permissions, click Grant Access to add a new principal
+4. Principal: Enter the Datadog Service Account email
+5. Role: Select Storage Object Viewer (`roles/storage.objectViewer`)
+
+### Post-setup steps
+
+After completing the setup steps, fill out the [post-setup][3] form with the following required information:
+1. Name of the destination bucket holding the inventory files
+2. Name of the service account with the granted permissions
+3. Prefix where the files are stored in the destination bucket (if any)
+4. Name of the source bucket you want to monitor (the bucket producing inventory files)
+5. Google Cloud location of the destination bucket holding the inventory files
+6. Google Cloud ProjectID containing the buckets
+7. Datadog org name
+
+### Validation
+
+To verify your setup:
+1. Wait for the first inventory report to generate (up to 24 hours for daily reports or 7 days for weekly reports).
+2. Check the destination bucket for inventory files.
+3. Confirm the Datadog integration can access the files.
+4. Navigate to **Infrastructure** > **Storage Management** > **Installation Recommendations** to see if your configured bucket appears in the list.
+
+### Troubleshooting
+
+If you encounter any issues or need assistance:
+- Use only one destination bucket for all inventory files per Google Cloud project.
+- Verify all permissions are correctly configured.
+- If issues persist, [contact Datadog][1] with your bucket details, Google Cloud Project ID, and Datadog org name.
+
+[1]: mailto:storage-monitoring@datadoghq.com
+[2]: https://cloud.google.com/storage/docs/insights/using-inventory-reports#enable_the_api
+[3]: https://forms.gle/c7b8JiLENDaUEqGk8
@@ -54,7 +54,7 @@ Some features cannot be managed through the Datadog resource in Azure. These inc
 - Metric filtering at the **resource** level
 - [Cloud Cost Management][8] (CCM)
 - [Log Archiving][9]
-- [Storage Monitoring][7]
+- [Storage Management][7]
 
 ## Setup
 
@@ -434,7 +434,7 @@ To uninstall the Datadog extension, select the appropriate app, then click **Uni
 [3]: https://docs.microsoft.com/cli/azure/datadog?view=azure-cli-latest
 [5]: https://app.datadoghq.com/dash/integration/71/azure-overview
 [6]: https://app.datadoghq.com/monitors/templates?q=azure
-[7]: /integrations/guide/storage-monitoring-setup/#setup-for-azure-blob-storage
+[7]: /infrastructure/storage_management/azure_blob_storage
 [8]: /cloud_cost_management/setup/azure/
 [9]: /logs/guide/azure-automated-log-forwarding/#log-archiving
 [10]: https://docs.microsoft.com/azure/azure-resource-manager/management/control-plane-and-data-plane