Update Datadog policies. Allow attaching SecurityAudit policy to the Datadog IAM role

[aknysh]

what

• Update Datadog policies
• Allow attaching SecurityAudit policy to the Datadog IAM role

why

• Datadog has updated the required permissions for the "All" and 'Core" IAM policy configurations - keep up to date
• Attaching the SecurityAudit policy allows Datadog to collect information about how AWS resources are configured (used in Datadog Cloud Security Posture Management to read security configuration metadata)
• Datadog Cloud Security Posture Management (CSPM) makes it easier to assess and visualize the current and historic security posture of cloud environments, automate audit evidence collection, and catch misconfigurations that leave your organization vulnerable to attacks
• Cloud Security Posture Management (CSPM) can be accessed at https://app.datadoghq.com/security/compliance/home

notes

• The process to enable Datadog Cloud Security Posture Management (CSPM) consists of two steps (one automated, the other manual):

  • Enable SecurityAudit policy and provision it with terraform
  • In Datadog UI, perform the following manual steps:

  Go to the Datadog AWS integration tile
  Click on the AWS account where you wish to enable resource collection
  Go to the Resource collection section for that account and check the box "Route resource data to the Cloud Security Posture Management product"
  At the bottom left of the tile, click Update Configuration
  

references

• https://docs.datadoghq.com/integrations/amazon_web_services/?tab=roledelegation#datadog-aws-iam-policy
• https://docs.datadoghq.com/security_platform/cspm/
• https://docs.datadoghq.com/integrations/amazon_web_services/?tab=roledelegation#resource-collection

[aknysh]

/test all

[aknysh]

/test all