[SVLS-8313] add guide on disabling cloudwatch logs#34509
[SVLS-8313] add guide on disabling cloudwatch logs#34509ava-silver wants to merge 7 commits intomasterfrom
Conversation
Preview links (active after the
|
ava-silver
force-pushed
the
ava.silver/svls-8313/add-guide-on-disabling-cloudwatch-logs
branch
from
11cfcb5 to
5891b54
Compare
|
applying do not merge until we release the datadog-ci commands |
| ], | ||
| }); | ||
|
|
||
| denyCloudWatchLogsPolicy.attachToRole(fn.role!); |
There was a problem hiding this comment.
I would avoid shortening lambda function to fn, just because Fn is actually something different in cdk
| new iam.PolicyStatement({ | ||
| effect: iam.Effect.DENY, | ||
| actions: ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"], | ||
| resources: [`arn:aws:logs:*:*:log-group:/aws/lambda/${fn.functionName}:*`], |
There was a problem hiding this comment.
We should sub in the log group here like you did in datadog-ci, here's where you can get it from in cdk, I imagine that each IaC tool has something similar
| @@ -19,6 +19,7 @@ cascade: | |||
| {{< nextlink href="/serverless/guide/agent_configuration" >}}Agent Configuration{{< /nextlink >}} | |||
There was a problem hiding this comment.
As a general comment to this, should we support a disableCloudWatch flag on our IaC tools so they don't need to do this explicitly?
There was a problem hiding this comment.
I was thinking about this as well -- I think it's a good idea but I'd like to not block the UI changes on this, especially since this flow is targeting remote instrumentation users who aren't using these IaC tools, so this is just for temporary parity.
3 participants
What does this PR do? What is the motivation?
Merge instructions
Merge readiness:
For Datadog employees:
Your branch name MUST follow the
<name>/<description>convention and include the forward slash (/). Without this format, your pull request will not pass CI, the GitLab pipeline will not run, and you won't get a branch preview. Getting a branch preview makes it easier for us to check any issues with your PR, such as broken links.If your branch doesn't follow this format, rename it or create a new branch and PR.
[6/5/2025] Merge queue has been disabled on the documentation repo. If you have write access to the repo, the PR has been reviewed by a Documentation team member, and all of the required checks have passed, you can use the Squash and Merge button to merge the PR. If you don't have write access, or you need help, reach out in the #documentation channel in Slack.
Additional notes