Unified service tagging for AWS Lambda #9374
Conversation
github-actions
bot
added
the
getting_started
tianchu
added
WORK IN PROGRESS
github-actions
bot
added
the
getting_started
tianchu
changed the title
Co-authored-by: Kaylyn <kaylyn.sigler@datadoghq.com>
| @@ -198,15 +198,15 @@ For example: | |||
| datadog-ci lambda instrument -f my-function -f another-function -r us-east-1 -v 26 --forwarder arn:aws:lambda:us-east-1:000000000000:function:datadog-forwarder | |||
| ``` | |||
|
|
|||
| If your Lambda function is configured to use code signing, you must add Datadog's Signing Profile ARN (`arn:aws:signer:us-east-1:464622532012:/signing-profiles/DatadogLambdaSigningProfile/9vMI9ZAGLc`) to your function's [Code Signing Configuration][5] before you can instrument it with the Datadog CLI. | |||
| If your Lambda function is configured to use code signing, you must add Datadog's Signing Profile ARN (`arn:aws:signer:us-east-1:464622532012:/signing-profiles/DatadogLambdaSigningProfile/9vMI9ZAGLc`) to your function's [Code Signing Configuration][4] before you can instrument it with the Datadog CLI. | |||
There was a problem hiding this comment.
Side note - can we remove this from the main installation steps into a separate file? I think since this doesn't apply to most customers this will come off as confusing ("This seems complicated, I don't know if I should set this up") and makes our happy path installation instructions longer.
There was a problem hiding this comment.
We should remove this for all runtimes, a potential solution is to add a new Code Signing page under the "Serverless Integrations" section.
There was a problem hiding this comment.
Perhaps we can shorten the paragraph and link it to a separate page, but I don't think we should remove this paragraph completely here, because for customers having code signing enforcement enabled this is a must-do step. Of course, it's a relatively new feature so it's less important right now, but I don't know if it's going to be adopted more widely in the future. Either way, I think this should be a separate PR, and probably we should also consult @nhinsch's opinion?
There was a problem hiding this comment.
My understanding from takes from serverless devs online is this something more niche that people in enterprises know to look for to check an audit/compliance checkbox (as opposed to something they aren't sure whether or not they need), so I think there's more benefit to putting this in a separate page so our instructions are more straightforward.
| Transform: | ||
| - AWS::Serverless-2016-10-31 | ||
| - Name: DatadogServerless | ||
| Parameters: |
There was a problem hiding this comment.
Are we adding functionality to support adding tags on all functions in your template.yml? Without additional context, this looks like a typo.
There was a problem hiding this comment.
Isn't this supported? https://github.com/DataDog/datadog-cloudformation-macro/tree/master/serverless#aws-sam Did I miss anything?
There was a problem hiding this comment.
I meant specifically for the version tag since that's not listed in the example here
There was a problem hiding this comment.
Yeah, I think we need to update the macro to support the version tag first, and then come back to update this doc, since the version tag is not yet supported by the macro?
| @@ -36,11 +36,15 @@ You need to subscribe the Datadog Forwarder Lambda function to each of your func | |||
| 1. [Install the Datadog Forwarder if you haven't][2]. | |||
| 2. [Subscribe the Datadog Forwarder to your function's log groups][5]. | |||
|
|
|||
| ### Unified Service Tagging | |||
There was a problem hiding this comment.
Do we need a section heading here? If it's just one section, we can leave this as a note or bold it
There was a problem hiding this comment.
It's only a subsection under the Configuration section, but I can go either way.
|
I think this is also missing changes to https://docs.datadoghq.com/serverless/serverless_tagging?tab=serverlessframework, which we should update to contain the info mentioned here (since it's a bit duplicated now). |
What does this PR do?
Document how to apply
env,serviceandversiontags to Lambda functions. Since "serverless" is a big world that has other players than just AWS Lambda functions (though Lambda dominates), I created a section for "Serverless" and put `AWS Lambda functions" under it as a subsection.Also add a link to this doc from the serverless installation instructions.
Motivation
The serverless team consistently get this kind of questions from our customers, and a few of them referred to this doc and complained that there were no instructions for serverless (specifically for Lambda functions).
Preview
https://docs-staging.datadoghq.com/tian.chu/serverless-unified-service-tagging/getting_started/tagging/unified_service_tagging/
https://docs-staging.datadoghq.com/tian.chu/serverless-unified-service-tagging/serverless/installation/python
https://docs-staging.datadoghq.com/tian.chu/serverless-unified-service-tagging/serverless/installation/nodejs
https://docs-staging.datadoghq.com/tian.chu/serverless-unified-service-tagging/serverless/installation/ruby
https://docs-staging.datadoghq.com/tian.chu/serverless-unified-service-tagging/serverless/installation/go
https://docs-staging.datadoghq.com/tian.chu/serverless-unified-service-tagging/serverless/installation/java
https://docs-staging.datadoghq.com/tian.chu/serverless-unified-service-tagging/serverless/installation/dotnet
Additional Notes
Reviewer checklist