Terraform code to setup Azure resources required to collect and forward Azure resource logs to Datadog instance.
This repository builds on top of the logic from Datadog Repository - https://github.com/DataDog/datadog-serverless-functions/tree/master/azure and the business logic for the Azure Function is taken from here.
Most Datadog sites (excluding US3) require a dedicated Azure integration setup to collect and forward Azure resource logs to Datadog. Below is an illustration of this setup:
The configuration involves the following steps:
Create an Azure Event Hub namespace and an Event Hub topic to collect resource logs.
Deploy a Datadog Azure Function with an Event Hub trigger. This function ensures logs are pushed to Datadog in real time when they are generated.
Configure Azure Resources and/or Azure Monitor to send resource and activity logs respectively to the Event Hub topic via Diagnostic Settings.
This repository provides the Terraform code to automate the creation and configuration of these resources, complete with virtual network integration for enhanced security.
Note: Alternatively, to configure these resources manually or to automate the setup using Powershell scripts, follow the official Datadog documentation here.
- Hashicorp Terraform - Download
- Azure CLI - Download
- Ensure you have access to an active Azure subscription. If you don’t have one, you can sign up for a free Azure account
- Retrieve your Datadog API key from the Datadog dashboard under API Keys.
Follow these steps to set up and deploy the infrastructure:
git clone https://github.com/Azure-Samples/terraform-azure-datadog-log-forwarder.git
cd terraform-azure-datadog-log-forwarder
Login to Azure and set the default Subscription
az login
az account set --subscription "<Your Subscription ID>"
Initialize the Terraform project to download providers and prepare the workspace:
terraform init
Review the resources to be created and deploy them:
terraform plan -var="subscription_id=<Azure Subscription>" \
-var="datadog_api_key=<Your Datadog API Key>"
terraform apply -var="subscription_id=<Azure Subscription>" \
-var="datadog_api_key=<Your Datadog API Key>"
Replace the placeholders (<Azure Subscription> and <Your Datadog API Key>) with your specific values.
Once the deployment is complete:
- Confirm that the Event Hub namespace, Datadog Azure Function, and other resources have been created in your Azure portal.
- Verify logs are being forwarded to your Datadog site as expected.
The following tasks will be added to the code base soon:
- Example Azure resource with Diagnostic Setting configuration to direct logs to Event Hub