Datadog integration
* Adds the datadog provider
* Conditionally launches a Datadog Agent in the ECS cluster
Stretch96 committed Oct 11, 2024
1 parent 5009d9b commit 5b20110
Showing 17 changed files with 665 additions and 3 deletions.
68 changes: 66 additions & 2 deletions .terraform.lock.hcl


30 changes: 29 additions & 1 deletion README.md


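--- a/buildspecs/dalmatian-datadog.yml
+++ b/buildspecs/dalmatian-datadog.yml
@@ -0,0 +1,24 @@
+version: 0.2
+
+phases:
+pre_build:
+commands:
+- echo "Build started on $(date)"
+- echo "Logging in to Amazon ECR..."
+- aws ecr get-login-password --region "$AWS_DEFAULT_REGION" | docker login --username AWS --password-stdin "$AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com"
+- |
+if [ -n "$DOCKERHUB_USERNAME" ] && [ -n "DOCKERHUB_TOKEN" ];
+then
+echo "Logging into Dockerhub ...";
+echo "$DOCKERHUB_TOKEN" | docker login --username "$DOCKERHUB_USERNAME" --password-stdin;
+fi;
+- echo Pulling datadog image from Dockerhub ...
+- docker pull datadog/agent:latest
+build:
+commands:
+- echo Adding ECR repo tag...
+- docker tag datadog/agent:latest "$REPOSITORY_URI:latest"
+post_build:
+commands:
+- echo Pushing the Docker image...
+- docker push "$REPOSITORY_URI:latest"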
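Review bot: The Docker Hub login guard tests the literal string `"DOCKERHUB_TOKEN"` instead of the variable, so `[ -n "DOCKERHUB_TOKEN" ]` is always true and a configured username with an empty token still reaches `docker login`, which then fails on an empty password from stdin; the line should read `if [ -n "$DOCKERHUB_USERNAME" ] && [ -n "$DOCKERHUB_TOKEN" ];`. Separately, `docker pull datadog/agent:latest` followed by the re-tag to `$REPOSITORY_URI:latest` pins nothing, so each scheduled run promotes whatever Docker Hub currently serves as `latest` into the cluster; pinning a release tag or a digest (`datadog/agent:<version>@sha256:<digest>`, values to be chosen) would make the promoted image reproducible and reviewable. The YAML indentation is lost in this rendering, so the nesting under `phases` cannot be checked here.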
3 changes: 3 additions & 0 deletions container-definitions/app.json.tpl
Expand Up @@ -60,6 +60,9 @@
%{ if linux_parameters != "{}" }
"linuxParameters": ${linux_parameters},
%{ endif }
%{ if security_options != "[]" }
"dockerSecurityOptions": ${security_options},
%{ endif }
%{if entrypoint != "[]"}
"entrypoint": ${entrypoint},
%{ endif }
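Review bot: `dockerSecurityOptions` is emitted verbatim from `${security_options}` with nothing documenting what callers may put there, and since that ECS field is where per-container Docker confinement options (seccomp/AppArmor/SELinux-style settings) are set, a value here loosens or changes the container's default isolation. JSON templates have no comment syntax, so the place to record this is the variable or local that feeds `security_options` (outside this hunk): state that it must be a JSON-encoded list of strings, that the `"[]"` sentinel means "omit the field", and who is expected to review non-empty values. The new block follows the spacing of the `linux_parameters` directive above it, which is the right choice; the enclosing container definition starts and ends outside the hunk.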
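--- a/ecs-cluster-infrastructure-datadog-agent-api-key.tf
+++ b/ecs-cluster-infrastructure-datadog-agent-api-key.tf
@@ -0,0 +1,13 @@
+#tfsec:ignore:aws-ssm-secret-use-customer-key
+resource "aws_secretsmanager_secret" "infrastructure_ecs_cluster_datadog_agent_api_key" {
+count = local.enable_infrastructure_ecs_cluster_datadog_agent ? 1 : 0
+
+name = "${local.resource_prefix_hash}/ecs/datadog-agent/DD_API_KEY"
+}
+
+resource "aws_secretsmanager_secret_version" "infrastructure_ecs_cluster_datadog_agent_api_key" {
+count = local.enable_infrastructure_ecs_cluster_datadog_agent ? 1 : 0
+
+secret_id = aws_secretsmanager_secret.infrastructure_ecs_cluster_datadog_agent_api_key[0].id
+secret_string = local.infrastructure_datadog_api_key
+}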
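Review bot: The `#tfsec:ignore:aws-ssm-secret-use-customer-key` suppression on the secret is avoidable, because this same commit already applies a conditional customer key to the ECR repository (`local.infrastructure_kms_encryption ? aws_kms_key.infrastructure[0].arn : null`); the secret can follow the same pattern with `kms_key_id = local.infrastructure_kms_encryption ? aws_kms_key.infrastructure[0].arn : null` and the ignore dropped, keeping the two resources consistent. Also, `secret_string = local.infrastructure_datadog_api_key` writes the API key into the Terraform state, so the state backend holds it in plaintext regardless of the Secrets Manager encryption; a comment on that line, e.g. `# value is persisted in Terraform state, so the state backend must be treated as secret storage`, makes that dependency visible to the next maintainer.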
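--- a/ecs-cluster-infrastructure-datadog-agent-ecr.tf
+++ b/ecs-cluster-infrastructure-datadog-agent-ecr.tf
@@ -0,0 +1,17 @@
+resource "aws_ecr_repository" "infrastructure_ecs_cluster_datadog_agent" {
+count = local.enable_infrastructure_ecs_cluster_datadog_agent ? 1 : 0
+
+name = "${local.resource_prefix}-infrastructure-ecs-datadog-agent"
+
+#tfsec:ignore:aws-ecr-enforce-immutable-repository
+image_tag_mutability = "MUTABLE"
+
+encryption_configuration {
+encryption_type = local.infrastructure_kms_encryption ? "KMS" : "AES256"
+kms_key = local.infrastructure_kms_encryption ? aws_kms_key.infrastructure[0].arn : null
+}
+
+image_scanning_configuration {
+scan_on_push = true
+}
+}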
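Review bot: `image_tag_mutability = "MUTABLE"` carries a tfsec suppression but no explanation, and the reason is only discoverable in the CodeBuild file, where the scheduled job re-pushes `$REPOSITORY_URI:latest` every 24 hours, which an immutable repository would reject. A comment next to the ignore, e.g. `# MUTABLE: the scheduled CodeBuild job overwrites the :latest tag on each run`, records that; if the build is later changed to push versioned tags, `IMMUTABLE` becomes possible and the ignore can go. `scan_on_push = true` is set, but nothing visible in this commit consumes the scan findings, so it is worth documenting where, if anywhere, they are reviewed.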
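--- a/ecs-cluster-infrastructure-datadog-agent-image-codebuild.tf
+++ b/ecs-cluster-infrastructure-datadog-agent-image-codebuild.tf
@@ -0,0 +1,142 @@
+resource "aws_iam_role" "infrastructure_ecs_cluster_datadog_agent_image_codebuild" {
+count = local.enable_infrastructure_ecs_cluster_datadog_agent ? 1 : 0
+
+name = "${local.resource_prefix}-${substr(sha512("ecs-cluster-datadog-agent-image-codebuild"), 0, 6)}"
+description = "${local.resource_prefix}-ecs-cluster-datadog-agent-image-codebuild"
+assume_role_policy = templatefile(
+"${path.root}/policies/assume-roles/service-principle-standard.json.tpl",
+{ services = jsonencode(["codebuild.amazonaws.com", "events.amazonaws.com"]) }
+)
+}
+
+resource "aws_iam_policy" "infrastructure_ecs_cluster_datadog_agent_image_codebuild_cloudwatch_rw" {
+count = local.enable_infrastructure_ecs_cluster_datadog_agent ? 1 : 0
+
+name = "${local.resource_prefix}-${substr(sha512("ecs-cluster-datadog-agent-image-codebuild-cloudwatch-rw"), 0, 6)}"
+description = "${local.resource_prefix}-ecs-cluster-datadog-agent-image-codebuild-cloudwatch-rw"
+policy = templatefile("${path.root}/policies/cloudwatch-logs-rw.json.tpl", {})
+}
+
+resource "aws_iam_role_policy_attachment" "infrastructure_ecs_cluster_datadog_agent_image_codebuild_cloudwatch_rw" {
+count = local.enable_infrastructure_ecs_cluster_datadog_agent ? 1 : 0
+
+role = aws_iam_role.infrastructure_ecs_cluster_datadog_agent_image_codebuild[0].name
+policy_arn = aws_iam_policy.infrastructure_ecs_cluster_datadog_agent_image_codebuild_cloudwatch_rw[0].arn
+}
+
+resource "aws_iam_policy" "infrastructure_ecs_cluster_datadog_agent_image_codebuild_allow_builds" {
+count = local.enable_infrastructure_ecs_cluster_datadog_agent ? 1 : 0
+
+name = "${local.resource_prefix}-${substr(sha512("ecs-cluster-datadog-agent-image-codebuild-allow-builds"), 0, 6)}"
+description = "${local.resource_prefix}-ecs-cluster-datadog-agent-image-codebuild-allow-builds"
+policy = templatefile("${path.root}/policies/codebuild-allow-builds.json.tpl", {})
+}
+
+resource "aws_iam_role_policy_attachment" "infrastructure_ecs_cluster_datadog_agent_image_codebuild_allow_builds" {
+count = local.enable_infrastructure_ecs_cluster_datadog_agent ? 1 : 0
+
+role = aws_iam_role.infrastructure_ecs_cluster_datadog_agent_image_codebuild[0].name
+policy_arn = aws_iam_policy.infrastructure_ecs_cluster_datadog_agent_image_codebuild_allow_builds[0].arn
+}
+
+resource "aws_iam_policy" "infrastructure_ecs_cluster_datadog_agent_image_codebuild_ecr_push" {
+count = local.enable_infrastructure_ecs_cluster_datadog_agent ? 1 : 0
+
+name = "${local.resource_prefix}-${substr(sha512("ecs-cluster-datadog-agent-image-codebuild-ecr-push"), 0, 6)}"
+description = "${local.resource_prefix}-ecs-cluster-datadog-agent-image-codebuild-ecr-push"
+policy = templatefile(
+"${path.root}/policies/ecr-push.json.tpl",
+{ ecr_repository_arn = aws_ecr_repository.infrastructure_ecs_cluster_datadog_agent[0].arn }
+)
+}
+
+resource "aws_iam_role_policy_attachment" "infrastructure_ecs_cluster_datadog_agent_image_codebuild_ecr_push" {
+count = local.enable_infrastructure_ecs_cluster_datadog_agent ? 1 : 0
+
+role = aws_iam_role.infrastructure_ecs_cluster_datadog_agent_image_codebuild[0].name
+policy_arn = aws_iam_policy.infrastructure_ecs_cluster_datadog_agent_image_codebuild_ecr_push[0].arn
+}
+
+resource "aws_codebuild_project" "infrastructure_ecs_cluster_datadog_agent_image_build" {
+count = local.enable_infrastructure_ecs_cluster_datadog_agent ? 1 : 0
+
+name = "${local.resource_prefix}-ecs-cluster-datadog-agent-image-build"
+description = "${local.resource_prefix} ECS Cluster Datadog Agent Image Build"
+build_timeout = "20"
+service_role = aws_iam_role.infrastructure_ecs_cluster_datadog_agent_image_codebuild[0].arn
+
+artifacts {
+type = "NO_ARTIFACTS"
+}
+
+environment {
+compute_type = "BUILD_GENERAL1_SMALL"
+image = "aws/codebuild/standard:7.0"
+type = "LINUX_CONTAINER"
+privileged_mode = true
+
+environment_variable {
+name = "AWS_ACCOUNT_ID"
+value = local.aws_account_id
+}
+
+environment_variable {
+name = "REPOSITORY_URI"
+value = aws_ecr_repository.infrastructure_ecs_cluster_datadog_agent[0].repository_url
+}
+
+environment_variable {
+name = "DOCKERHUB_USERNAME"
+value = local.infrastructure_dockerhub_username
+}
+
+environment_variable {
+name = "DOCKERHUB_TOKEN"
+value = local.infrastructure_dockerhub_token
+}
+}
+
+source {
+type = "NO_SOURCE"
+buildspec = templatefile("${path.root}/buildspecs/dalmatian-datadog.yml", {})
+}
+
+depends_on = [
+aws_iam_role_policy_attachment.infrastructure_ecs_cluster_datadog_agent_image_codebuild_cloudwatch_rw,
+aws_iam_role_policy_attachment.infrastructure_ecs_cluster_datadog_agent_image_codebuild_allow_builds,
+aws_iam_role_policy_attachment.infrastructure_ecs_cluster_datadog_agent_image_codebuild_ecr_push,
+]
+}
+
+resource "terraform_data" "infrastructure_ecs_cluster_datadog_agent_image_build_trigger_codebuild" {
+count = local.enable_infrastructure_ecs_cluster_datadog_agent ? 1 : 0
+
+triggers_replace = [
+md5(templatefile("${path.root}/buildspecs/dalmatian-datadog.yml", {})),
+]
+
+provisioner "local-exec" {
+interpreter = ["/bin/bash", "-c"]
+command = <<EOF
+${path.root}/local-exec-scripts/trigger-codedeploy-project.sh \
+-n "${aws_codebuild_project.infrastructure_ecs_cluster_datadog_agent_image_build[0].name}"
+EOF
+}
+}
+
+resource "aws_cloudwatch_event_rule" "infrastructure_ecs_cluster_datadog_agent_image_build_trigger_codebuild" {
+count = local.enable_infrastructure_ecs_cluster_datadog_agent ? 1 : 0
+
+name = "${local.resource_prefix_hash}-ecs-cluster-datadog-agent-image-build-trigger-codebuild"
+description = "${local.resource_prefix} ECS Cluster Datadog Agent Image Build Trigger CodeBuild"
+schedule_expression = "rate(24 hours)"
+}
+
+resource "aws_cloudwatch_event_target" "infrastructure_ecs_cluster_datadog_agent_image_build_trigger_codebuild" {
+count = local.enable_infrastructure_ecs_cluster_datadog_agent ? 1 : 0
+
+target_id = "${local.resource_prefix_hash}-ecs-cluster-datadog-agent-image-build-trigger-codebuild"
+rule = aws_cloudwatch_event_rule.infrastructure_ecs_cluster_datadog_agent_image_build_trigger_codebuild[0].name
+arn = aws_codebuild_project.infrastructure_ecs_cluster_datadog_agent_image_build[0].id
+role_arn = aws_iam_role.infrastructure_ecs_cluster_datadog_agent_image_codebuild[0].arn
+}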
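Review bot: `DOCKERHUB_TOKEN` is passed as a plain `environment_variable` with the default PLAINTEXT type, so the token is readable through the CodeBuild project definition (console and `BatchGetProjects`) and is stored in Terraform state; CodeBuild supports `type = "SECRETS_MANAGER"` (or `"PARAMETER_STORE"`), so the token should live in Secrets Manager, the same way this commit stores the DD_API_KEY, and be referenced with `type = "SECRETS_MANAGER"` and `value = <dockerhub-token-secret-name-or-arn>` (placeholder), with `secretsmanager:GetSecretValue` on that secret granted to the role. A second point on least privilege: the single role is trusted by both `codebuild.amazonaws.com` and `events.amazonaws.com` and has the CloudWatch, allow-builds and ECR-push policies attached, so the EventBridge principal used in `aws_cloudwatch_event_target.role_arn` also receives ECR push rights it never needs; a separate role carrying only the allow-builds policy would keep the two principals' permissions distinct. The local-exec command invokes `trigger-codedeploy-project.sh` while passing a CodeBuild project name, which deserves a comment, or a rename, if the script is in fact a CodeBuild trigger.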
