diff --git a/config/_default/menus/main.en.yaml b/config/_default/menus/main.en.yaml index ccaf854547768..0c5823c5f6d38 100644 --- a/config/_default/menus/main.en.yaml +++ b/config/_default/menus/main.en.yaml @@ -3218,8 +3218,8 @@ menu: parent: serverless identifier: serverless_aws_lambda weight: 1 - - name: Installation - url: serverless/aws_lambda/installation + - name: Instrumentation + url: serverless/aws_lambda/instrumentation parent: serverless_aws_lambda identifier: serverless_aws_lambda_installation weight: 101 diff --git a/content/en/serverless/aws_lambda/configuration.md b/content/en/serverless/aws_lambda/configuration.md index 245c654d07cc5..015712112e410 100644 --- a/content/en/serverless/aws_lambda/configuration.md +++ b/content/en/serverless/aws_lambda/configuration.md @@ -41,6 +41,8 @@ First, [install][1] Datadog Serverless Monitoring to begin collecting metrics, t - [Migrating between x86 to arm64 with the Datadog Lambda Extension](#migrating-between-x86-to-arm64-with-the-datadog-lambda-extension) - [Configure the Datadog Lambda extension for local testing](#configure-the-datadog-lambda-extension-for-local-testing) - [Instrument AWS Lambda with the OpenTelemetry API](#instrument-aws-lambda-with-the-opentelemetry-api) +- [Using Datadog Lambda Extension v67+](#using-datadog-lambda-extension-v67) +- [Configure Auto-linking for DynamoDB PutItem](#configure-auto-linking-for-dynamodb-putitem) - [Troubleshoot](#troubleshoot) - [Further Reading](#further-reading) @@ -272,8 +274,7 @@ DD_APM_REPLACE_TAGS=[ } ] ``` - - +To collect payloads from AWS services, see [Capture Requests and Responses from AWS Services][54]. ## Collect traces from non-Lambda resources @@ -722,6 +723,55 @@ You can use this approach if, for example, your code has already been instrument To instrument AWS Lambda with the OpenTelemetry API, set the environment variable `DD_TRACE_OTEL_ENABLED` to `true`. See [Custom instrumentation with the OpenTelemetry API][48] for more details. +## Using Datadog Lambda Extension v67+ + +Version 67+ of [the Datadog Extension][50] is optimized to significantly reduce cold start duration. + +To use the optimized extension, set the `DD_SERVERLESS_APPSEC_ENABLED` environment variable to `false`. + +When the `DD_SERVERLESS_APPSEC_ENABLED` environment variable is set to `true`, the Datadog Extension defaults to the fully compatible older version. You can also force your extension to use the older version by setting `DD_EXTENSION_VERSION` to `compatibility`. Datadog encourages you to report any feedback or bugs by adding an [issue on GitHub][51] and tagging your issue with `version/next`. + +## Configure Auto-linking for DynamoDB PutItem +_Available for Python and Node.js runtimes_. + +When segments of your asynchronous requests cannot propagate trace context, Datadog's [Span Auto-linking][52] feature automatically detects linked spans. + +To enable Span Auto-linking for [DynamoDB Change Streams][53]'s `PutItem` operation, configure primary key names for your tables. + +{{< tabs >}} +{{% tab "Python" %}} +```python +ddtrace.config.botocore['dynamodb_primary_key_names_for_tables'] = { + 'table_name': {'key1', 'key2'}, + 'other_table': {'other_key'}, +} +``` +{{% /tab %}} +{{% tab "Node.js" %}} +```js +// Initialize the tracer with the configuration +const tracer = require('dd-trace').init({ + dynamoDb: { + tablePrimaryKeys: { + 'table_name': ['key1', 'key2'], + 'other_table': ['other_key'] + } + } +}) +``` +{{% /tab %}} +{{% tab "Environment variable" %}} +```sh +export DD_BOTOCORE_DYNAMODB_TABLE_PRIMARY_KEYS='{ + "table_name": ["key1", "key2"], + "other_table": ["other_key"] +}' +``` +{{% /tab %}} +{{< /tabs >}} + +This enables DynamoDB `PutItem` calls to be instrumented with span pointers. Many DynamoDB API calls do not include the item's primary key fields as separate values, so they need to be provided to the tracer separately. This field is structured as a `dict` keyed by the table names as `str`. Each value is the set of primary key field names (as str) for the associated table. The set can have exactly one or two elements, depending on the table's primary key schema. + ## Troubleshoot If you have trouble configuring your installations, set the environment variable `DD_LOG_LEVEL` to `debug` for debugging logs. For additional troubleshooting tips, see the [serverless monitoring troubleshooting guide][39]. @@ -780,4 +830,8 @@ If you have trouble configuring your installations, set the environment variable [47]: /logs/ [48]: /tracing/trace_collection/otel_instrumentation/ [49]: https://app.datadoghq.com/security/appsec?column=time&order=desc - +[50]: https://github.com/DataDog/datadog-lambda-extension +[51]: https://github.com/DataDog/datadog-lambda-extension/issues +[52]: /serverless/aws_lambda/distributed_tracing/#span-auto-linking +[53]: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Streams.html +[54]: /tracing/guide/aws_payload_tagging/?code-lang=python&tab=nodejs \ No newline at end of file diff --git a/content/en/serverless/aws_lambda/installation/_index.md b/content/en/serverless/aws_lambda/installation/_index.md deleted file mode 100644 index 3f90e3cefebbe..0000000000000 --- a/content/en/serverless/aws_lambda/installation/_index.md +++ /dev/null @@ -1,53 +0,0 @@ ---- -title: Install Serverless Monitoring for AWS Lambda -aliases: - - /serverless/installation/installing_the_library/ - - /serverless/installation -further_reading: - - link: '/serverless/configuration/' - tag: 'Documentation' - text: 'Configure Serverless Monitoring' - - link: "/integrations/amazon_lambda/" - tag: "Documentation" - text: "AWS Lambda Integration" ---- - -## Quick start - -If you are new to Datadog, [sign up for a Datadog account][1], then follow the Datadog Agent installation instructions for [AWS Lambda][2] to instrument your Lambda function for a quick start with Datadog. Completing the steps configures your Lambda functions to send real-time metrics, logs, and traces to Datadog. - -
A sample application is available on GitHub with instructions on how to deploy with multiple runtimes and infrastructure as code tools.
- -The quick start process configures your Lambda functions on the fly. To instrument Lambda functions permanently, see the detailed installation instructions in the next section. - -## Installation instructions - -For Node.js and Python runtimes, you can use [remote instrumentation][5] to add instrumentation to your AWS Lambda functions and keep them instrumented securely. See [Remote instrumentation for AWS Lambda][5]. - -For other Lambda runtimes (or to instrument your Node.js or Python functions without remote instrumentation) see detailed installation instructions: - -{{< partial name="serverless/getting-started-languages.html" >}} - -## FIPS Compliance Support - -Datadog provides FIPS-compliant monitoring for AWS Lambda functions through dedicated FIPS-compliant Lambda extension layers and runtime-specific configurations. The FIPS-compliant components implement FIPS-certified cryptography and work with any Datadog site, but end-to-end FIPS compliance requires using the US1-FED site. If you need to maintain FIPS compliance while monitoring your Lambda functions, see the [AWS Lambda FIPS Compliance][4] documentation page for details. - -## Advanced Configurations - -After you're done with installation and you've set up telemetry collection, you can use [advanced configurations][3] to: - -- connect your metrics, traces, and logs using tags -- collect telemetry from AWS resources such as API Gateway, AppSync, and Step Functions -- capture the request and response payloads for individual Lambda invocations -- link errors of your Lambda functions to your source code -- filter or scrub sensitive information from logs or traces - -## Further Reading - -{{< partial name="whats-next/whats-next.html" >}} - -[1]: https://app.datadoghq.com/signup/ -[2]: https://app.datadoghq.com/signup/agent#lambda -[3]: /serverless/configuration/ -[4]: /serverless/aws_lambda/fips-compliance/ -[5]: /serverless/aws_lambda/remote_instrumentation \ No newline at end of file diff --git a/content/en/serverless/aws_lambda/instrumentation/_index.md b/content/en/serverless/aws_lambda/instrumentation/_index.md new file mode 100644 index 0000000000000..dc3915e0b3682 --- /dev/null +++ b/content/en/serverless/aws_lambda/instrumentation/_index.md @@ -0,0 +1,55 @@ +--- +title: Instrument AWS Lambda applications +aliases: + - /serverless/installation/installing_the_library/ + - /serverless/installation + - /serverless/aws_lambda/installation +further_reading: + - link: '/serverless/configuration/' + tag: 'Documentation' + text: 'Configure Serverless Monitoring' + - link: "/integrations/amazon_lambda/" + tag: "Documentation" + text: "AWS Lambda Integration" +--- + +## Overview + +Instrument your AWS Lambda applications with a Datadog Lambda Library to collect traces, enhanced metrics, and custom metrics. + +{{< img src="serverless/serverless_tracing_installation_instructions.png" alt="A diagram that shows how Datadog receives telemetry from your instrumented AWS Lambda application. Your Lambda application, instrumented with a Datadog Lambda Library, sends logs, traces, enhanced metrics, and custom metrics to the Datadog Lambda Extension, which then pushes this data to Datadog." style="width:100%;" >}} + +## Quick start + +A sample application is [available on GitHub][6] with instructions on how to deploy with multiple runtimes and infrastructure-as-code tools. + +The quick start process configures your Lambda functions on the fly. To instrument Lambda functions permanently, see the detailed instructions in the next section. + +## Instrumentation instructions + +For Node.js and Python runtimes, you can use [remote instrumentation][5] to add instrumentation to your AWS Lambda functions and keep them instrumented securely. See [Remote instrumentation for AWS Lambda][5]. + +For other Lambda runtimes (or to instrument your Node.js or Python functions without remote instrumentation) see detailed instrumentation instructions: + +{{< partial name="serverless/getting-started-languages.html" >}} + +## Advanced configurations + +After you're done with instrumentation and you've set up telemetry collection, you can use [advanced configurations][3] to: + +- connect your metrics, traces, and logs using tags +- collect telemetry from AWS resources such as API Gateway, AppSync, and Step Functions +- capture the request and response payloads for individual Lambda invocations +- link errors of your Lambda functions to your source code +- filter or scrub sensitive information from logs or traces + +## Further Reading + +{{< partial name="whats-next/whats-next.html" >}} + +[1]: https://app.datadoghq.com/signup/ +[2]: https://app.datadoghq.com/signup/agent#lambda +[3]: /serverless/configuration/ +[4]: /serverless/aws_lambda/fips-compliance/ +[5]: /serverless/aws_lambda/remote_instrumentation +[6]: https://github.com/DataDog/serverless-sample-app \ No newline at end of file diff --git a/content/en/serverless/aws_lambda/installation/dotnet.md b/content/en/serverless/aws_lambda/instrumentation/dotnet.md similarity index 81% rename from content/en/serverless/aws_lambda/installation/dotnet.md rename to content/en/serverless/aws_lambda/instrumentation/dotnet.md index 84e9a900a7bd3..9b3250159e88d 100644 --- a/content/en/serverless/aws_lambda/installation/dotnet.md +++ b/content/en/serverless/aws_lambda/instrumentation/dotnet.md @@ -2,6 +2,7 @@ title: Instrumenting .NET Serverless Applications aliases: - /serverless/installation/dotnet + - /serverless/aws_lambda/instrumentation/dotnet further_reading: - link: '/serverless/configuration' tag: 'Documentation' @@ -14,17 +15,11 @@ further_reading: text: 'Submitting Custom Metrics from Serverless Applications' --- -
If your Lambda functions are deployed in VPC without access to the public internet, you can send data either using AWS PrivateLink for the datadoghq.com Datadog site, or using a proxy for all other sites.
+
Version 67+ of the Datadog Lambda Extension uses an optimized version of the extension. Read more.
-
Version 67+ of the Datadog Lambda Extension uses an optimized version of the extension. Read more.
+## Setup -
For FIPS compliance, use the Datadog FIPS-compliant extension layer, but note that the .NET runtime layer does not require additional configuration. While the FIPS-compliant Lambda components work with any Datadog site, end-to-end FIPS compliance requires using the US1-FED site. See AWS Lambda FIPS Compliance for more details.
- -## Installation - -
A sample application is available on GitHub with instructions on how to deploy with multiple runtimes and infrastructure as code tools.
- -Datadog offers many different ways to enable instrumentation for your serverless applications. Choose a method below that best suits your needs. Datadog generally recommends using the Datadog CLI. You *must* follow the instructions for "Container Image" if your application is deployed as a container image. +If your application is deployed as a container image, use the _Container Image_ method. {{< tabs >}} {{% tab "Datadog CLI" %}} @@ -304,20 +299,9 @@ module "lambda-datadog" { {{% /tab %}} {{< /tabs >}} -## Minimize cold start duration -Version 67+ of [the Datadog Extension][7] is optimized to significantly reduce cold start duration. - -To use the optimized extension, disable App and API Protection (AAP), Continuous Profiler for Lambda, and OpenTelemetry based tracing. Set the following environment variables to `false`: - -- `DD_TRACE_OTEL_ENABLED` -- `DD_PROFILING_ENABLED` -- `DD_SERVERLESS_APPSEC_ENABLED` - -Enabling any of these features cause the extension to default back to the fully compatible older version of the extension. You can also force your extension to use the older version by setting `DD_EXTENSION_VERSION` to `compatibility`. Datadog encourages you to report any feedback or bugs by adding an [issue on GitHub][8] and tagging your issue with `version/next`. +## Add custom spans -## Adding Custom Spans - -When using the [Datadog Lambda tracing layer for .NET](https://github.com/DataDog/dd-trace-dotnet-aws-lambda-layer), ensure that a second version of the .NET tracer is not also packaged with your application code. Add `ExcludeAssets` instruction to ensure this extra tracer is excluded. +When using the [Datadog Lambda tracing layer for .NET][9], ensure that a second version of the .NET tracer is not also packaged with your application code. Add `ExcludeAssets` instruction to ensure this extra tracer is excluded. ```xml @@ -325,19 +309,20 @@ When using the [Datadog Lambda tracing layer for .NET](https://github.com/DataDo ``` -You are now ready to add custom spans and span tags using the .NET tracer. For further instructions on how to add spans, see the [.NET custom instrumentation](https://docs.datadoghq.com/tracing/trace_collection/custom_instrumentation/dotnet/dd-api/) page. +You can then add custom spans and span tags using the .NET tracer. For instructions on how to add spans, see [.NET custom instrumentation][10]. + +## FIPS compliance + +{{% svl-lambda-fips %}} + +## AWS Lambda and VPC + +{{% svl-lambda-vpc %}} -## What's next? -- View metrics, logs, and traces on the [Serverless page][1] in Datadog. By default, the Datadog Lambda extension enables logs. -- Turn on [threat monitoring][6] to get alerted on attackers targeting your service. -- Submit a [custom metric][2] or [APM span][3] to monitor your business logic. -- See the [troubleshooting guide][4] if you have trouble collecting the telemetry -- See the [advanced configurations][5] to - - connect your telemetry using tags - - collect telemetry for Amazon API Gateway, SQS, and so on. - - capture the Lambda request and response payloads - - link errors of your Lambda functions to your source code - - filter or scrub sensitive information from logs or traces +- Add custom tags to your telemetry by using the `DD_TAGS` environment variable +- Configure [payload collection][11] to capture your functions' JSON request and response payloads +- If you are using the Datadog Lambda Extension, turn off the Datadog Forwarder's Lambda logs +- See [advanced configurations][5] for further capabilities ## Further Reading @@ -352,3 +337,6 @@ You are now ready to add custom spans and span tags using the .NET tracer. For f [6]: /security/application_security/serverless/ [7]: https://github.com/DataDog/datadog-lambda-extension [8]: https://github.com/DataDog/datadog-lambda-extension/issues +[9]: https://github.com/DataDog/dd-trace-dotnet-aws-lambda-layer +[10]: https://docs.datadoghq.com/tracing/trace_collection/custom_instrumentation/dotnet/dd-api/ +[11]: /serverless/aws_lambda/configuration?tab=datadogcli#collect-the-request-and-response-payloads \ No newline at end of file diff --git a/content/en/serverless/aws_lambda/installation/go.md b/content/en/serverless/aws_lambda/instrumentation/go.md similarity index 80% rename from content/en/serverless/aws_lambda/installation/go.md rename to content/en/serverless/aws_lambda/instrumentation/go.md index c85a8befabf00..1e977c77a94c7 100644 --- a/content/en/serverless/aws_lambda/installation/go.md +++ b/content/en/serverless/aws_lambda/instrumentation/go.md @@ -13,19 +13,16 @@ further_reading: aliases: - /serverless/datadog_lambda_library/go/ - /serverless/installation/go + - /serverless/aws_lambda/instrumentation/go ---
If your Go Lambda functions are still using runtime go1.x and you cannot migrate to the provided.al2 runtime, you must instrument using the Datadog Forwarder. Otherwise, follow the instructions in this guide to instrument using the Datadog Lambda Extension.
-
If your Lambda functions are deployed in a VPC without access to the public internet, you can send data either using AWS PrivateLink for the datadoghq.com Datadog site, or using a proxy for all other sites.
+
Version 67+ of the Datadog Lambda Extension uses an optimized version of the extension. Read more.
-
Version 67+ of the Datadog Lambda Extension uses an optimized version of the extension. Read more.
+## Setup -
Datadog provides FIPS-compliant monitoring for AWS Lambda functions. For GovCloud environments, the DD_LAMBDA_FIPS_MODE environment variable is enabled by default. When FIPS mode is enabled, AWS FIPS endpoints are used for Datadog API key lookups, and the Lambda metric helper function Metric() requires the FIPS-compliant extension for metric submission. While the FIPS-compliant Lambda components work with any Datadog site, end-to-end FIPS compliance requires using the US1-FED site. See AWS Lambda FIPS Compliance for more details.
- -## Installation - -
A sample application is available on GitHub with instructions on how to deploy with multiple runtimes and infrastructure as code tools.
+If your application is deployed as a container image, use the _Container Image_ method. **Note**: Datadog recommends that you use Go tracer v1.73.1 for instrumenting AWS Lambda functions. @@ -249,28 +246,20 @@ func myHandler(ctx context.Context, _ events.APIGatewayProxyRequest) (string, er } ``` -## Minimize cold start duration -Version 67+ of [the Datadog Extension][5] is optimized to significantly reduce cold start duration. +## FIPS compliance -To use the optimized extension, disable App and API Protection (AAP), Continuous Profiler for Lambda, and OpenTelemetry based tracing. Set the following environment variables to `false`: +{{% svl-lambda-fips %}} -- `DD_TRACE_OTEL_ENABLED` -- `DD_PROFILING_ENABLED` -- `DD_SERVERLESS_APPSEC_ENABLED` +## AWS Lambda and VPC -Enabling any of these features cause the extension to default back to the fully compatible older version of the extension. You can also force your extension to use the older version by setting `DD_EXTENSION_VERSION` to `compatibility`. Datadog encourages you to report any feedback or bugs by adding an [issue on GitHub][6] and tagging your issue with `version/next`. +{{% svl-lambda-vpc %}} ## What's next? -- View metrics, logs, and traces on the [Serverless page][1] in Datadog. By default, the Datadog Lambda extension enables logs. -- Turn on [threat monitoring][4] to get alerted on attackers targeting your service -- See the [troubleshooting guide][2] if you have trouble collecting the telemetry -- See the [advanced configurations][3] to - - connect your telemetry using tags - - collect telemetry for Amazon API Gateway, SQS, etc. - - capture the Lambda request and response payloads - - link errors of your Lambda functions to your source code - - filter or scrub sensitive information from logs or traces +- Add custom tags to your telemetry by using the `DD_TAGS` environment variable +- Configure [payload collection][8] to capture your functions' JSON request and response payloads +- If you are using the Datadog Lambda Extension, turn off the Datadog Forwarder's Lambda logs +- See [advanced configurations][3] for further capabilities ## Further Reading @@ -283,3 +272,4 @@ Enabling any of these features cause the extension to default back to the fully [5]: https://github.com/DataDog/datadog-lambda-extension [6]: https://github.com/DataDog/datadog-lambda-extension/issues [7]: /tracing/trace_collection/custom_instrumentation/go/migration +[8]: /serverless/aws_lambda/configuration?tab=datadogcli#collect-the-request-and-response-payloads diff --git a/content/en/serverless/aws_lambda/installation/java.md b/content/en/serverless/aws_lambda/instrumentation/java.md similarity index 86% rename from content/en/serverless/aws_lambda/installation/java.md rename to content/en/serverless/aws_lambda/instrumentation/java.md index d055b4dbb46d5..cbc73cefa6d42 100644 --- a/content/en/serverless/aws_lambda/installation/java.md +++ b/content/en/serverless/aws_lambda/instrumentation/java.md @@ -13,25 +13,20 @@ further_reading: aliases: - /serverless/datadog_lambda_library/java/ - /serverless/installation/java + - /serverless/aws_lambda/instrumentation/java --- -
Version 67+ of the Datadog Lambda Extension uses an optimized version of the extension. Read more.
- -
For FIPS compliance, use the Datadog FIPS-compliant extension layer, but note that the Java runtime layer does not require additional configuration. While the FIPS-compliant Lambda components work with any Datadog site, end-to-end FIPS compliance requires using the US1-FED site. See AWS Lambda FIPS Compliance for more details.
+
Version 67+ of the Datadog Lambda Extension uses an optimized version of the extension. Read more.
To fully instrument your serverless application with distributed tracing, your Java Lambda functions must be using the Java 8 Corretto (`java8.al2`), Java 11 (`java11`), Java 17 (`java17`), or Java 21 (`java21`) runtimes with at least 1024 MB of memory. -If your Lambda functions are deployed in a VPC without access to the public internet, you can send data either [using AWS PrivateLink][6] for the `datadoghq.com` [Datadog site][7], or [using a proxy][8] for all other sites. - If you previously set up your Lambda functions using the Datadog Forwarder, see [instrumenting using the Datadog Forwarder][9]. Otherwise, follow the instructions in this guide to instrument using the Datadog Lambda Extension. If you are using the Datadog Lambda layers `dd-trace-java:4` (or older) and `Datadog-Extension:24` (or older), follow the [special instructions to upgrade][10]. -## Installation - -
A sample application is available on GitHub with instructions on how to deploy with multiple runtimes and infrastructure as code tools.
+## Setup -Datadog offers many different ways to enable instrumentation for your serverless applications. Choose a method below that best suits your needs. Datadog generally recommends using the Datadog CLI. You *must* follow the instructions for "Container Image" if your application is deployed as a container image. +If your application is deployed as a container image, use the _Container Image_ method. {{< tabs >}} {{% tab "Datadog CLI" %}} @@ -371,29 +366,20 @@ module "lambda-datadog" { {{% /tab %}} {{< /tabs >}} -## Minimize cold start duration -Version 67+ of [the Datadog Extension][12] is optimized to significantly reduce cold start duration. +## FIPS compliance -To use the optimized extension, disable App and API Protection (AAP), Continuous Profiler for Lambda, and OpenTelemetry based tracing. Set the following environment variables to `false`: +{{% svl-lambda-fips %}} -- `DD_TRACE_OTEL_ENABLED` -- `DD_PROFILING_ENABLED` -- `DD_SERVERLESS_APPSEC_ENABLED` +## AWS Lambda and VPC -Enabling any of these features cause the extension to default back to the fully compatible older version of the extension. You can also force your extension to use the older version by setting `DD_EXTENSION_VERSION` to `compatibility`. Datadog encourages you to report any feedback or bugs by adding an [issue on GitHub][13] and tagging your issue with `version/next`. +{{% svl-lambda-vpc %}} ## What's next? -- View metrics, logs, and traces on the [Serverless page][1] in Datadog. By default, the Datadog Lambda extension enables logs. -- Turn on [threat monitoring][11] to get alerted on attackers targeting your service. -- Submit a [custom metric][2] or [APM span][3] to monitor your business logic. -- See the [troubleshooting guide][4] if you have trouble collecting the telemetry -- See the [advanced configurations][5] to - - connect your telemetry using tags - - collect telemetry for Amazon API Gateway, SQS, etc. - - capture the Lambda request and response payloads - - link errors of your Lambda functions to your source code - - filter or scrub sensitive information from logs or traces +- Add custom tags to your telemetry by using the `DD_TAGS` environment variable +- Configure [payload collection][14] to capture your functions' JSON request and response payloads +- If you are using the Datadog Lambda Extension, turn off the Datadog Forwarder's Lambda logs +- See [advanced configurations][5] for further capabilities ## Further Reading @@ -412,3 +398,4 @@ Enabling any of these features cause the extension to default back to the fully [11]: /security/application_security/serverless/ [12]: https://github.com/DataDog/datadog-lambda-extension [13]: https://github.com/DataDog/datadog-lambda-extension/issues +[14]: /serverless/aws_lambda/configuration?tab=datadogcli#collect-the-request-and-response-payloads diff --git a/content/en/serverless/aws_lambda/installation/nodejs.md b/content/en/serverless/aws_lambda/instrumentation/nodejs.md similarity index 82% rename from content/en/serverless/aws_lambda/installation/nodejs.md rename to content/en/serverless/aws_lambda/instrumentation/nodejs.md index e11a7abe2d34c..39077fd860c0f 100644 --- a/content/en/serverless/aws_lambda/installation/nodejs.md +++ b/content/en/serverless/aws_lambda/instrumentation/nodejs.md @@ -17,25 +17,20 @@ aliases: - /serverless/datadog_lambda_library/nodejs/ - /serverless/guide/nodejs/ - /serverless/installation/nodejs + - /serverless/aws_lambda/instrumentation/nodejs --- -
If you previously set up your Lambda functions using the Datadog Forwarder, see instrumenting using the Datadog Forwarder. Otherwise, follow the instructions in this guide to instrument using the Datadog Lambda Extension.
+
Version 67+ of the Datadog Lambda Extension uses an optimized version of the extension. Read more.
-
If your Lambda functions are deployed in VPC without access to the public internet, you can send data either using AWS PrivateLink for the datadoghq.com Datadog site, or using a proxy for all other sites.
+## Setup -
If you are bundling using webpack or esbuild, you may need to mark the Datadog libraries as external.
+### Remote instrumentation -
Version 67+ of the Datadog Lambda Extension uses an optimized version of the extension. Read more.
+If you are instrumenting your Node.js AWS Lambda application for the first time, Datadog recommends that you use remote instrumentation. See [Remote instrumentation for AWS Lambda][11]. -
Datadog provides FIPS-compliant monitoring for AWS Lambda functions. For GovCloud environments, the DD_LAMBDA_FIPS_MODE environment variable is enabled by default. When FIPS mode is enabled, AWS FIPS endpoints are used for Datadog API key lookups, and the Lambda metric helper function sendDistributionMetric requires the FIPS-compliant extension for metric submission. While the FIPS-compliant Lambda components work with any Datadog site, end-to-end FIPS compliance requires using the US1-FED site. See AWS Lambda FIPS Compliance for more details.
+### Other instrumentation methods -## Installation - -
A sample application is available on GitHub with instructions on how to deploy with multiple runtimes and infrastructure as code tools.
- -Datadog offers many different ways to enable instrumentation for your serverless applications. Choose a method below that best suits your needs. Datadog generally recommends using the Datadog CLI. You *must* follow the instructions for "Container Image" if your application is deployed as a container image. - -To use remote instrumentation, see See [Remote instrumentation for AWS Lambda][11]. +If your application is deployed as a container image, use the _Container Image_ method. {{< tabs >}} {{% tab "Datadog CLI" %}} @@ -436,64 +431,20 @@ To configure Datadog using SST v3, follow these steps:
Do not install the Datadog Lambda Library as a layer and as a JavaScript package. If you installed the Datadog Lambda Library as a layer, do not include datadog-lambda-js in your package.json, or install it as a dev dependency and run npm install --production before deploying.
-## Span Auto-linking - -When segments of your asynchronous requests cannot propagate trace context, Datadog's [Span Auto-linking][9] feature automatically detects linked spans. - -### Configure Auto-linking for DynamoDB PutItem - -To enable Span Auto-linking for [DynamoDB Change Streams][10]'s `PutItem` operation, configure primary key names for your tables. - -This enables DynamoDB `PutItem` calls to be instrumented with span pointers. Many DynamoDB API calls do not include the item's primary key fields as separate values, so they need to be provided to the tracer separately. This field is structured as a `object` keyed by the table names as `strings`. Each value is an `array` of primary key fields (as `string`) for the associated table. The array can have exactly one or two elements, depending on the table's primary key schema. - -{{< tabs >}} -{{% tab "Node.js" %}} -```js -// Initialize the tracer with the configuration -const tracer = require('dd-trace').init({ - dynamoDb: { - tablePrimaryKeys: { - 'table_name': ['key1', 'key2'], - 'other_table': ['other_key'] - } - } -}) -``` -{{% /tab %}} - -{{% tab "Environment variable" %}} -```sh -export DD_TRACE_DYNAMODB_TABLE_PRIMARY_KEYS='{ - "table_name": ["key1", "key2"], - "other_table": ["other_key"] -}' -``` -{{% /tab %}} -{{< /tabs >}} - -## Minimize cold start duration -Version 67+ of [the Datadog Extension][7] is optimized to significantly reduce cold start duration. +## FIPS compliance -To use the optimized extension, disable App and API Protection (AAP), Continuous Profiler for Lambda, and OpenTelemetry based tracing. Set the following environment variables to `false`: +{{% svl-lambda-fips %}} -- `DD_TRACE_OTEL_ENABLED` -- `DD_PROFILING_ENABLED` -- `DD_SERVERLESS_APPSEC_ENABLED` +## AWS Lambda and VPC -Enabling any of these features cause the extension to default back to the fully compatible older version of the extension. You can also force your extension to use the older version by setting `DD_EXTENSION_VERSION` to `compatibility`. Datadog encourages you to report any feedback or bugs by adding an [issue on GitHub][8] and tagging your issue with `version/next`. +{{% svl-lambda-vpc %}} ## What's next? -- View metrics, logs, and traces on the [Serverless page][1] in Datadog. By default, the Datadog Lambda extension enables logs. -- Turn on [threat monitoring][6] to get alerted on attackers targeting your service. -- See the sample code to [monitor custom business logic](#monitor-custom-business-logic) -- See the [troubleshooting guide][2] if you have trouble collecting the telemetry -- See the [advanced configurations][3] to - - connect your telemetry using tags - - collect telemetry for Amazon API Gateway, SQS, etc. - - capture the Lambda request and response payloads - - link errors of your Lambda functions to your source code - - filter or scrub sensitive information from logs or traces +- Add custom tags to your telemetry by using the `DD_TAGS` environment variable +- Configure [payload collection][12] to capture your functions' JSON request and response payloads +- If you are using the Datadog Lambda Extension, turn off the Datadog Forwarder's Lambda logs +- See [advanced configurations][3] for further capabilities ### Monitor custom business logic @@ -551,4 +502,5 @@ exports.handler = async (event) => { [8]: https://github.com/DataDog/datadog-lambda-extension/issues [9]: /serverless/aws_lambda/distributed_tracing/#span-auto-linking [10]: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Streams.html -[11]: /serverless/aws_lambda/remote_instrumentation \ No newline at end of file +[11]: /serverless/aws_lambda/remote_instrumentation +[12]: /serverless/aws_lambda/configuration?tab=datadogcli#collect-the-request-and-response-payloads \ No newline at end of file diff --git a/content/en/serverless/aws_lambda/installation/python.md b/content/en/serverless/aws_lambda/instrumentation/python.md similarity index 83% rename from content/en/serverless/aws_lambda/installation/python.md rename to content/en/serverless/aws_lambda/instrumentation/python.md index eb3581150b079..b51672e8686ea 100644 --- a/content/en/serverless/aws_lambda/installation/python.md +++ b/content/en/serverless/aws_lambda/instrumentation/python.md @@ -14,23 +14,22 @@ aliases: - /serverless/datadog_lambda_library/python/ - /serverless/guide/python/ - /serverless/installation/python + - /serverless/aws_lambda/instrumentation/python algolia: tags: ['python lambda traces'] --- -
If your Python Lambda functions are written in Python 3.6 or less, or you previously set up your Lambda functions using the Datadog Forwarder, see instrumenting using the Datadog Forwarder. Otherwise, follow the instructions in this guide to instrument using the Datadog Lambda Extension.
+
Version 67+ of the Datadog Lambda Extension uses an optimized version of the extension. Read more.
-
If your Lambda functions are deployed in VPC without access to the public internet, you can send data either using AWS PrivateLink for the datadoghq.com Datadog site, or using a proxy for all other sites.
+## Setup -
Version 67+ of the Datadog Lambda Extension uses an optimized version of the extension. Read more.
+### Remote instrumentation -
Datadog provides FIPS-compliant monitoring for AWS Lambda functions. For GovCloud environments, the DD_LAMBDA_FIPS_MODE environment variable is enabled by default. When FIPS mode is enabled, AWS FIPS endpoints are used for Datadog API key lookups, and the Lambda metric helper function lambda_metric requires the FIPS-compliant extension for metric submission. While the FIPS-compliant Lambda components work with any Datadog site, end-to-end FIPS compliance requires using the US1-FED site. See AWS Lambda FIPS Compliance for more details.
+If you are instrumenting your Python AWS Lambda application for the first time, Datadog recommends that you use remote instrumentation. See [Remote instrumentation for AWS Lambda][11]. -## Installation +### Other instrumentation methods -Datadog offers many different ways to enable instrumentation for your serverless applications. Choose a method below that best suits your needs. Datadog generally recommends using the Datadog CLI. You *must* follow the instructions for "Container Image" if your application is deployed as a container image. - -To use remote instrumentation, see See [Remote instrumentation for AWS Lambda][11]. +If your application is deployed as a container image, use the _Container Image_ method. {{< tabs >}} {{% tab "Datadog CLI" %}} @@ -450,57 +449,26 @@ To configure Datadog using SST v3, follow these steps: ## Span Auto-linking -When segments of your asynchronous requests cannot propagate trace context, Datadog's [Span Auto-linking][9] feature automatically detects linked spans. - -### Configure Auto-linking for DynamoDB PutItem -To enable Span Auto-linking for [DynamoDB Change Streams][10]'s `PutItem` operation, configure primary key names for your tables. -{{< tabs >}} -{{% tab "Python" %}} -```python -ddtrace.config.botocore['dynamodb_primary_key_names_for_tables'] = { - 'table_name': {'key1', 'key2'}, - 'other_table': {'other_key'}, -} -``` -{{% /tab %}} +### Configure Auto-linking for DynamoDB PutItem -{{% tab "Environment variable" %}} -```sh -export DD_BOTOCORE_DYNAMODB_TABLE_PRIMARY_KEYS='{ - "table_name": ["key1", "key2"], - "other_table": ["other_key"] -}' -``` -{{% /tab %}} -{{< /tabs >}} -This enables DynamoDB `PutItem` calls to be instrumented with span pointers. Many DynamoDB API calls do not include the item's primary key fields as separate values, so they need to be provided to the tracer separately. This field is structured as a `dict` keyed by the table names as `str`. Each value is the set of primary key field names (as str) for the associated table. The set can have exactly one or two elements, depending on the table's primary key schema. -## Minimize cold start duration -Version 67+ of [the Datadog Extension][7] is optimized to significantly reduce cold start duration. +## FIPS compliance -To use the optimized extension, disable App and API Protection (AAP), Continuous Profiler for Lambda, and OpenTelemetry based tracing. Set the following environment variables to `false`: +{{% svl-lambda-fips %}} -- `DD_TRACE_OTEL_ENABLED` -- `DD_PROFILING_ENABLED` -- `DD_SERVERLESS_APPSEC_ENABLED` +## AWS Lambda and VPC -Enabling any of these features cause the extension to default back to the fully compatible older version of the extension. You can also force your extension to use the older version by setting `DD_EXTENSION_VERSION` to `compatibility`. Datadog encourages you to report any feedback or bugs by adding an [issue on GitHub][8] and tagging your issue with `version/next`. +{{% svl-lambda-vpc %}} ## What's next? -- View metrics, logs, and traces on the [Serverless page][1] in Datadog. By default, the Datadog Lambda extension enables logs. -- Turn on [threat monitoring][6] to get alerted on attackers targeting your service. -- See the sample code to [monitor custom business logic](#monitor-custom-business-logic) -- See the [troubleshooting guide][2] if you have trouble collecting the telemetry -- See the [advanced configurations][3] to - - connect your telemetry using tags - - collect telemetry for Amazon API Gateway, SQS, etc. - - capture the Lambda request and response payloads - - link errors of your Lambda functions to your source code - - filter or scrub sensitive information from logs or traces +- Add custom tags to your telemetry by using the `DD_TAGS` environment variable +- Configure [payload collection][12] to capture your functions' JSON request and response payloads +- If you are using the Datadog Lambda Extension, turn off the Datadog Forwarder's Lambda logs +- See [advanced configurations][3] for further capabilities ### Monitor custom business logic @@ -554,4 +522,5 @@ def get_message(): [8]: https://github.com/DataDog/datadog-lambda-extension/issues [9]: /serverless/aws_lambda/distributed_tracing/#span-auto-linking [10]: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Streams.html -[11]: /serverless/aws_lambda/remote_instrumentation \ No newline at end of file +[11]: /serverless/aws_lambda/remote_instrumentation +[12]: /serverless/aws_lambda/configuration?tab=datadogcli#collect-the-request-and-response-payloads \ No newline at end of file diff --git a/content/en/serverless/aws_lambda/installation/ruby.md b/content/en/serverless/aws_lambda/instrumentation/ruby.md similarity index 86% rename from content/en/serverless/aws_lambda/installation/ruby.md rename to content/en/serverless/aws_lambda/instrumentation/ruby.md index 0c538f2148d54..6c354dc7f5b1a 100644 --- a/content/en/serverless/aws_lambda/installation/ruby.md +++ b/content/en/serverless/aws_lambda/instrumentation/ruby.md @@ -16,19 +16,16 @@ further_reading: aliases: - /serverless/datadog_lambda_library/ruby/ - /serverless/installation/ruby + - /serverless/aws_lambda/instrumentation/ruby ---
If you previously set up your Lambda functions using the Datadog Forwarder, see instrumenting using the Datadog Forwarder. Otherwise, follow the instructions in this guide to instrument using the Datadog Lambda Extension.
-
If your Lambda functions are deployed in VPC without access to the public internet, you can send data either using AWS PrivateLink for the datadoghq.com Datadog site, or using a proxy for all other sites.
+
Version 67+ of the Datadog Lambda Extension uses an optimized version of the extension. Read more.
-
Version 67+ of the Datadog Lambda Extension uses an optimized version of the extension. Read more.
+## Setup -
For FIPS compliance, use the Datadog FIPS-compliant extension layer, but note that the Ruby runtime layer does not require additional configuration. While the FIPS-compliant Lambda components work with any Datadog site, end-to-end FIPS compliance requires using the US1-FED site. See AWS Lambda FIPS Compliance for more details.
- -## Installation - -Datadog offers many different ways to enable instrumentation for your serverless applications. Choose a method below that best suits your needs. Datadog generally recommends using the Datadog CLI. You *must* follow the instructions for "Container Image" if your application is deployed as a container image. +If your application is deployed as a container image, use the _Container Image_ method. {{< tabs >}} {{% tab "Datadog CLI" %}} @@ -332,29 +329,19 @@ To install and configure the Datadog Serverless Plugin, follow these steps: {{% /tab %}} {{< /tabs >}} -## Minimize cold start duration -Version 67+ of [the Datadog Extension][10] is optimized to significantly reduce cold start duration. +## FIPS compliance -To use the optimized extension, disable App and API Protection (AAP), Continuous Profiler for Lambda, and OpenTelemetry based tracing. Set the following environment variables to `false`: +{{% svl-lambda-fips %}} -- `DD_TRACE_OTEL_ENABLED` -- `DD_PROFILING_ENABLED` -- `DD_SERVERLESS_APPSEC_ENABLED` +## AWS Lambda and VPC -Enabling any of these features cause the extension to default back to the fully compatible older version of the extension. You can also force your extension to use the older version by setting `DD_EXTENSION_VERSION` to `compatibility`. Datadog encourages you to report any feedback or bugs by adding an [issue on GitHub][11] and tagging your issue with `version/next`. +{{% svl-lambda-vpc %}} ## What's next? -- View metrics, logs, and traces on the [Serverless page][1] in Datadog. By default, the Datadog Lambda extension enables logs. -- Turn on [threat monitoring][9] to get alerted on attackers targeting your service. -- See the sample code to [monitor custom business logic](#monitor-custom-business-logic) -- See the [troubleshooting guide][5] if you have trouble collecting the telemetry -- See the [advanced configurations][6] to - - connect your telemetry using tags - - collect telemetry for Amazon API Gateway, SQS, etc. - - capture the Lambda request and response payloads - - link errors of your Lambda functions to your source code - - filter or scrub sensitive information from logs or traces +- Add custom tags to your telemetry by using the `DD_TAGS` environment variable +- If you are using the Datadog Lambda Extension, turn off the Datadog Forwarder's Lambda logs +- See [advanced configurations][6] for further capabilities ### Monitor custom business logic diff --git a/layouts/shortcodes/svl-lambda-fips.md b/layouts/shortcodes/svl-lambda-fips.md new file mode 100644 index 0000000000000..a42b9554f215e --- /dev/null +++ b/layouts/shortcodes/svl-lambda-fips.md @@ -0,0 +1,3 @@ +Datadog provides FIPS-compliant monitoring for AWS Lambda functions. For AWS GovCloud environments, the `DD_LAMBDA_FIPS_MODE` environment variable is enabled by default. When FIPS mode is enabled, AWS FIPS endpoints are used for Datadog API key lookups, and the Lambda metric helper function `lambda_metric` requires the FIPS-compliant extension for metric submission. While the FIPS-compliant Lambda components work with any Datadog site, end-to-end FIPS compliance requires using the US1-FED site. See [AWS Lambda FIPS Compliance][1001] for more details. + +[1001]: /serverless/aws_lambda/fips-compliance \ No newline at end of file diff --git a/layouts/shortcodes/svl-lambda-vpc b/layouts/shortcodes/svl-lambda-vpc new file mode 100644 index 0000000000000..d54617eaeec31 --- /dev/null +++ b/layouts/shortcodes/svl-lambda-vpc @@ -0,0 +1,7 @@ +If your Lambda functions are deployed in a Virtual Private Cloud (VPC) without access to the public internet, and you are using the `datadoghq.com` [Datadog site][2002], you can [use AWS PrivateLink][2001] to send data. + +If your Lambda functions are deployed in a VPC, and you are using a [Datadog site][2002] that is **not** `datadoghq.com`, you can [use a proxy][2003] to send data. + +[2001]: /agent/guide/private-link/ +[2002]: /getting_started/site/ +[2003]: /agent/configuration/proxy/ \ No newline at end of file