From f39e92f02ae1ab71e75a0dad1bc2623c34ab3ee3 Mon Sep 17 00:00:00 2001 From: Katie McKew Date: Thu, 5 Mar 2026 13:49:38 +0100 Subject: [PATCH 1/3] feat(aws): support custom DdSite value --- .../datadog_integration_api_call_v2.yaml | 13 ++----- aws_quickstart/main_extended.yaml | 38 ++++++++++--------- aws_quickstart/main_v2.yaml | 38 ++++++++++--------- aws_quickstart/main_workflow.yaml | 38 ++++++++++--------- 4 files changed, 64 insertions(+), 63 deletions(-) diff --git a/aws_quickstart/datadog_integration_api_call_v2.yaml b/aws_quickstart/datadog_integration_api_call_v2.yaml index 7a0ee488..cb17ffaf 100644 --- a/aws_quickstart/datadog_integration_api_call_v2.yaml +++ b/aws_quickstart/datadog_integration_api_call_v2.yaml @@ -16,15 +16,10 @@ Parameters: DatadogSite: Type: String Default: datadoghq.com - Description: Define your Datadog Site to send data to. - AllowedValues: - - datadoghq.com - - datadoghq.eu - - us3.datadoghq.com - - us5.datadoghq.com - - ap1.datadoghq.com - - ap2.datadoghq.com - - ddog-gov.com + Description: >- + Define your Datadog Site to send data to. + Allowed values: datadoghq.com, datadoghq.eu, us3.datadoghq.com, us5.datadoghq.com, + ap1.datadoghq.com, ap2.datadoghq.com, ddog-gov.com (GovCloud). IAMRoleName: Description: >- The name of the IAM role created for Datadog's use. diff --git a/aws_quickstart/main_extended.yaml b/aws_quickstart/main_extended.yaml index e4f7bf7b..ae4d66bb 100644 --- a/aws_quickstart/main_extended.yaml +++ b/aws_quickstart/main_extended.yaml @@ -32,15 +32,10 @@ Parameters: DatadogSite: Type: String Default: datadoghq.com - Description: Define your Datadog Site to send data to. - AllowedValues: - - datadoghq.com - - datadoghq.eu - - us3.datadoghq.com - - us5.datadoghq.com - - ap1.datadoghq.com - - ap2.datadoghq.com - - ddog-gov.com + Description: >- + Define your Datadog Site to send data to. + Allowed values: datadoghq.com, datadoghq.eu, us3.datadoghq.com, us5.datadoghq.com, + ap1.datadoghq.com, ap2.datadoghq.com, ddog-gov.com (GovCloud). IAMRoleName: Description: Customize the name of IAM role for Datadog AWS integration Type: String @@ -151,6 +146,10 @@ Conditions: Fn::Equals: - !Ref DisableResourceCollection - false + IsStaging: + Fn::Equals: + - !Ref DatadogSite + - datad0g.com EnableAgentlessScanning: Fn::And: - Fn::Not: @@ -228,18 +227,21 @@ Resources: IAMRoleName: !Ref IAMRoleName ResourceCollectionPermissions: !If [ResourceCollectionPermissions, true, false] DdAWSAccountId: !If - - IsAP1 - - "417141415827" + - IsStaging + - "727006795293" - !If - - IsAP2 - - "412381753143" + - IsAP1 + - "417141415827" - !If - - IsGov + - IsAP2 + - "412381753143" - !If - - IsAWSGovCloud - - "065115117704" - - "392588925713" - - "464622532012" + - IsGov + - !If + - IsAWSGovCloud + - "065115117704" + - "392588925713" + - "464622532012" # The Lambda function to ship logs from S3 and CloudWatch, custom metrics and traces from Lambda functions to Datadog # https://github.com/DataDog/datadog-serverless-functions/tree/master/aws/logs_monitoring ForwarderStack: diff --git a/aws_quickstart/main_v2.yaml b/aws_quickstart/main_v2.yaml index 88bba2cb..f33e16cd 100644 --- a/aws_quickstart/main_v2.yaml +++ b/aws_quickstart/main_v2.yaml @@ -19,15 +19,10 @@ Parameters: DatadogSite: Type: String Default: datadoghq.com - Description: Define your Datadog Site to send data to. - AllowedValues: - - datadoghq.com - - datadoghq.eu - - us3.datadoghq.com - - us5.datadoghq.com - - ap1.datadoghq.com - - ap2.datadoghq.com - - ddog-gov.com + Description: >- + Define your Datadog Site to send data to. + Allowed values: datadoghq.com, datadoghq.eu, us3.datadoghq.com, us5.datadoghq.com, + ap1.datadoghq.com, ap2.datadoghq.com, ddog-gov.com (GovCloud). IAMRoleName: Description: Customize the name of IAM role for Datadog AWS integration Type: String @@ -96,6 +91,10 @@ Conditions: Fn::Equals: - !Ref DisableResourceCollection - false + IsStaging: + Fn::Equals: + - !Ref DatadogSite + - datad0g.com IsAP1: Fn::Equals: - !Ref DatadogSite @@ -136,18 +135,21 @@ Resources: IAMRoleName: !Ref IAMRoleName ResourceCollectionPermissions: !If [ResourceCollectionPermissions, true, false] DdAWSAccountId: !If - - IsAP1 - - "417141415827" + - IsStaging + - "727006795293" - !If - - IsAP2 - - "412381753143" + - IsAP1 + - "417141415827" - !If - - IsGov + - IsAP2 + - "412381753143" - !If - - IsAWSGovCloud - - "065115117704" - - "392588925713" - - "464622532012" + - IsGov + - !If + - IsAWSGovCloud + - "065115117704" + - "392588925713" + - "464622532012" # The Lambda function to ship logs from S3 and CloudWatch, custom metrics and traces from Lambda functions to Datadog # https://github.com/DataDog/datadog-serverless-functions/tree/master/aws/logs_monitoring ForwarderStack: diff --git a/aws_quickstart/main_workflow.yaml b/aws_quickstart/main_workflow.yaml index 58689484..cb739245 100644 --- a/aws_quickstart/main_workflow.yaml +++ b/aws_quickstart/main_workflow.yaml @@ -29,15 +29,10 @@ Parameters: DatadogSite: Type: String Default: datadoghq.com - Description: Define your Datadog Site to send data to. - AllowedValues: - - datadoghq.com - - datadoghq.eu - - us3.datadoghq.com - - us5.datadoghq.com - - ap1.datadoghq.com - - ap2.datadoghq.com - - ddog-gov.com + Description: >- + Define your Datadog Site to send data to. + Allowed values: datadoghq.com, datadoghq.eu, us3.datadoghq.com, us5.datadoghq.com, + ap1.datadoghq.com, ap2.datadoghq.com, ddog-gov.com (GovCloud). IAMRoleName: Description: Customize the name of IAM role for Datadog AWS integration Type: String @@ -85,6 +80,10 @@ Conditions: Fn::Equals: - !Ref DisableResourceCollection - false + IsStaging: + Fn::Equals: + - !Ref DatadogSite + - datad0g.com IsAP1: Fn::Equals: - !Ref DatadogSite @@ -308,18 +307,21 @@ Resources: IAMRoleName: !Ref IAMRoleName ResourceCollectionPermissions: !If [ResourceCollectionPermissions, true, false] DdAWSAccountId: !If - - IsAP1 - - "417141415827" + - IsStaging + - "727006795293" - !If - - IsAP2 - - "412381753143" + - IsAP1 + - "417141415827" - !If - - IsGov + - IsAP2 + - "412381753143" - !If - - IsAWSGovCloud - - "065115117704" - - "392588925713" - - "464622532012" + - IsGov + - !If + - IsAWSGovCloud + - "065115117704" + - "392588925713" + - "464622532012" # Step 3: Notify IAM role creation finished NotifyIAMRoleCreationFinished: From 4f2a12a8688aecb79caddf522b96f42d6963d9c7 Mon Sep 17 00:00:00 2001 From: Katie McKew Date: Thu, 5 Mar 2026 16:30:40 +0100 Subject: [PATCH 2/3] bump version --- aws_quickstart/version.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aws_quickstart/version.txt b/aws_quickstart/version.txt index 7378a3bb..c0aa3929 100644 --- a/aws_quickstart/version.txt +++ b/aws_quickstart/version.txt @@ -1 +1 @@ -v4.6.5 +v4.6.6 From d16ed926cb39f2f07ecaa2c6ff2ce41a76a3141a Mon Sep 17 00:00:00 2001 From: Katie McKew Date: Wed, 18 Mar 2026 16:26:34 +0100 Subject: [PATCH 3/3] feat(aws): update the other templates with the same change --- .../datadog_agentless_delegate_role.yaml | 12 ++---- ...adog_agentless_delegate_role_stackset.yaml | 12 ++---- .../datadog_agentless_scanning.yaml | 12 ++---- aws_quickstart/main_extended_workflow.yaml | 38 ++++++++++--------- 4 files changed, 32 insertions(+), 42 deletions(-) diff --git a/aws_quickstart/datadog_agentless_delegate_role.yaml b/aws_quickstart/datadog_agentless_delegate_role.yaml index 760d4287..199ee64e 100644 --- a/aws_quickstart/datadog_agentless_delegate_role.yaml +++ b/aws_quickstart/datadog_agentless_delegate_role.yaml @@ -22,15 +22,11 @@ Parameters: DatadogSite: Type: String - Description: The Datadog site to use for the Datadog Agentless Scanner + Description: >- + The Datadog site to use for the Datadog Agentless Scanner. + Allowed values: datadoghq.com, datadoghq.eu, us3.datadoghq.com, us5.datadoghq.com, + ap1.datadoghq.com, ap2.datadoghq.com. Default: datadoghq.com - AllowedValues: - - datadoghq.com - - datadoghq.eu - - us3.datadoghq.com - - us5.datadoghq.com - - ap1.datadoghq.com - - ap2.datadoghq.com AgentlessVulnerabilityScanning: Type: String diff --git a/aws_quickstart/datadog_agentless_delegate_role_stackset.yaml b/aws_quickstart/datadog_agentless_delegate_role_stackset.yaml index 0065d311..89c3c382 100644 --- a/aws_quickstart/datadog_agentless_delegate_role_stackset.yaml +++ b/aws_quickstart/datadog_agentless_delegate_role_stackset.yaml @@ -26,15 +26,11 @@ Parameters: DatadogSite: Type: String - Description: The Datadog site to use for the Datadog Agentless Scanner + Description: >- + The Datadog site to use for the Datadog Agentless Scanner. + Allowed values: datadoghq.com, datadoghq.eu, us3.datadoghq.com, us5.datadoghq.com, + ap1.datadoghq.com, ap2.datadoghq.com. Default: datadoghq.com - AllowedValues: - - datadoghq.com - - datadoghq.eu - - us3.datadoghq.com - - us5.datadoghq.com - - ap1.datadoghq.com - - ap2.datadoghq.com AgentlessVulnerabilityScanning: Type: String diff --git a/aws_quickstart/datadog_agentless_scanning.yaml b/aws_quickstart/datadog_agentless_scanning.yaml index 70ea0cb7..838ed1ab 100644 --- a/aws_quickstart/datadog_agentless_scanning.yaml +++ b/aws_quickstart/datadog_agentless_scanning.yaml @@ -61,15 +61,11 @@ Parameters: DatadogSite: Type: String - Description: The Datadog site to use for the Datadog Agentless Scanner + Description: >- + The Datadog site to use for the Datadog Agentless Scanner. + Allowed values: datadoghq.com, datadoghq.eu, us3.datadoghq.com, us5.datadoghq.com, + ap1.datadoghq.com, ap2.datadoghq.com. Default: datadoghq.com - AllowedValues: - - datadoghq.com - - datadoghq.eu - - us3.datadoghq.com - - us5.datadoghq.com - - ap1.datadoghq.com - - ap2.datadoghq.com ScannerVPCId: Type: String diff --git a/aws_quickstart/main_extended_workflow.yaml b/aws_quickstart/main_extended_workflow.yaml index c768f92a..adb0f8d2 100644 --- a/aws_quickstart/main_extended_workflow.yaml +++ b/aws_quickstart/main_extended_workflow.yaml @@ -42,15 +42,10 @@ Parameters: DatadogSite: Type: String Default: datadoghq.com - Description: Define your Datadog Site to send data to. - AllowedValues: - - datadoghq.com - - datadoghq.eu - - us3.datadoghq.com - - us5.datadoghq.com - - ap1.datadoghq.com - - ap2.datadoghq.com - - ddog-gov.com + Description: >- + Define your Datadog Site to send data to. + Allowed values: datadoghq.com, datadoghq.eu, us3.datadoghq.com, us5.datadoghq.com, + ap1.datadoghq.com, ap2.datadoghq.com, ddog-gov.com (GovCloud). IAMRoleName: Description: Customize the name of IAM role for Datadog AWS integration Type: String @@ -220,6 +215,10 @@ Conditions: Fn::And: - Condition: NoForwarder - Condition: NoAgentlessScanning + IsStaging: + Fn::Equals: + - !Ref DatadogSite + - datad0g.com IsAP1: Fn::Equals: - !Ref DatadogSite @@ -448,18 +447,21 @@ Resources: IAMRoleName: !Ref IAMRoleName ResourceCollectionPermissions: !If [ResourceCollectionPermissions, true, false] DdAWSAccountId: !If - - IsAP1 - - "417141415827" + - IsStaging + - "727006795293" - !If - - IsAP2 - - "412381753143" + - IsAP1 + - "417141415827" - !If - - IsGov + - IsAP2 + - "412381753143" - !If - - IsAWSGovCloud - - "065115117704" - - "392588925713" - - "464622532012" + - IsGov + - !If + - IsAWSGovCloud + - "065115117704" + - "392588925713" + - "464622532012" # Step 3: Notify IAM role creation finished NotifyIAMRoleCreationFinished: