codemunkee
diff --git a/‎content/integrations/aws.html
Lines changed: 155 additions & 9 deletions b/‎content/integrations/aws.html
Lines changed: 155 additions & 9 deletions
diff --git a/‎content/static/images/cloudtrail_config.png
117 KB b/‎content/static/images/cloudtrail_config.png
117 KB
diff --git a/‎content/static/images/cloudtrail_event.png
59.1 KB b/‎content/static/images/cloudtrail_event.png
59.1 KB
@@ -2,23 +2,30 @@
 title: Datadog-AWS Cloudwatch Integration
 sidebar:
   nav:
+    - header: AWS integration
+    - text: Configure CloudWatch
+      href: "#cloudwatch"
+    - text: Configure CloudTrail
+      href: "#cloudtrail"
+    - text: Troubleshooting
+      href: "#troubleshooting"
     - header: Integrations
     - text: Back to Overview
       href: "/integrations/"
 ---
 
+
+### <a name="cloudwatch"></a>Configure CloudWatch
+
 The recommended way to configure Cloudwatch in Datadog is to create a
 new user via the <a target="_blank" href="https://console.aws.amazon.com/iam/home#s=Home">IAM Console</a>
-and grant that user (or group of user) Amazon EC2 and Cloudwatch *read-only*
-access.
+and grant that user (or group of user) **Amazon EC2, Cloudwatch and CloudTrail *read-only* access**.
 
 These can be set via policy templates in the console.
 
 Alternatively they can set via Amazon's API according to the following
 specifications:
 
-## Amazon Read-Only Access
-
     {
       "Statement": [
         {
@@ -30,6 +37,8 @@
             "cloudformation:GetTemplate",
             "cloudfront:Get*",
             "cloudfront:List*",
+            "cloudtrail:DescribeTrails",
+            "cloudtrail:GetTrailStatus",
             "cloudwatch:Describe*",
             "cloudwatch:Get*",
             "cloudwatch:List*",
@@ -71,18 +80,149 @@
     }
 
 
-<h4>Do you believe you're seeing a discrepancy between your data in Cloudwatch and Datadog?</h4> 
+### <a name="cloudtrail"></a>CloudTrail integration
+
+AWS CloudTrail records AWS API calls for your account in log files. Datadog can read these files and create events in your stream. Here is an example of a CloudTrail event:
+
+<img src="/static/images/cloudtrail_event.png" style="width:100%; border:1px solid #777777"/>
+
+#### How to configure CloudTrail?
+
+First make sure that you have configured CloudWatch and that the user you created for Datadog has the **AWS CloudTrail read-only access**. <a href="#cloudwatch">See above explanation</a>.
+
+CloudTrail has to be configured on a per-region basis. Make sure you complete the two steps below for **all regions** that you want Datadog to collect CloudTrail data from.
+
+1. <a href="https://console.aws.amazon.com/cloudtrail">Go to your CloudTrail console</a> to enable it. Then select the S3 bucket you wish to use as follows:
+
+    <img src="/static/images/cloudtrail_config.png" style="width:100%; border:1px solid #777777"/>
+
+2. Your user must have access to the S3 bucket you have selected. To grant your user read-only access to your bucket, you would paste the following policy in the IAM console:
+
+        {
+          "Statement": [
+            {
+              "Action": [
+                "s3:ListBucket",
+                "s3:GetBucketLocation",
+                "s3:GetObject"
+              ],
+              "Effect": "Allow",
+              "Resource": [
+                "arn:aws:s3:::your-s3-bucket-name",
+                "arn:aws:s3:::your-s3-bucket-name/*"
+              ]
+            }
+          ]
+        }
+
+#### What events are collected?
+
+Below is the list of events that Datadog will collect from CloudTrail and display in your event stream. If you would like to see other events that are not mentionned here, please reach out to <a href="/help">our support team</a>.
+
+**EC2 Actions**<br/>
+AttachVolume<br/>
+AuthorizeSecurityGroup<br/>
+CreateSecurityGroup<br/>
+CreateVolume<br/>
+CreateTags<br/>
+DeleteVolume<br/>
+DeleteTags<br/>
+DetachVolume<br/>
+RebootInstances<br/>
+RevokeSecurityGroupEgress<br/>
+RevokeSecurityGroupIngress<br/>
+RunInstances<br/>
+StartInstances<br/>
+StopInstances<br/>
+TerminateInstances<br/>
+
+**RDS Actions**<br/>
+CreateDBInstance<br/>
+RebootDBInstance<br/>
+ModifyDBInstance<br/>
+DeleteDBInstance<br/>
+
+**IAM Actions**<br/>
+AddRoleToInstanceProfile<br/>
+AddUserToGroup<br/>
+ChangePassword<br/>
+CreateAccessKey<br/>
+CreateAccountAlias<br/>
+CreateGroup<br/>
+CreateInstanceProfile<br/>
+CreateLoginProfile<br/>
+CreateRole<br/>
+CreateSAMLProvider<br/>
+CreateUser<br/>
+CreateVirtualMFADevice<br/>
+DeleteAccessKey<br/>
+DeleteAccountAlias<br/>
+DeleteAccountPasswordPolicy<br/>
+DeleteGroup<br/>
+DeleteGroupPolicy<br/>
+DeleteInstanceProfile<br/>
+DeleteLoginProfile<br/>
+DeleteRole<br/>
+DeleteRolePolicy<br/>
+DeleteSAMLProvider<br/>
+DeleteServerCertificate<br/>
+DeleteSigningCertificate<br/>
+DeleteUser<br/>
+DeleteUserPolicy<br/>
+DeleteVirtualMFADevice<br/>
+PutGroupPolicy<br/>
+PutRolePolicy<br/>
+PutUserPolicy<br/>
+RemoveRoleFromInstanceProfile<br/>
+RemoveUserFromGroup<br/>
+UpdateAccessKey<br/>
+UpdateAccountPasswordPolicy<br/>
+UpdateAssumeRolePolicy<br/>
+UpdateGroup<br/>
+UpdateLoginProfile<br/>
+UpdateSAMLProvider<br/>
+UpdateServerCertificate<br/>
+UpdateSigningCertificate<br/>
+UpdateUser<br/>
+UpdateServerCertificate<br/>
+UpdateSigningCertificate<br/>
+
+**VPC Actions**<br/>
+AssociateDhcpOptions<br/>
+AssociateRouteTable<br/>
+AttachVpnGateway<br/>
+CreateCustomerGateway<br/>
+CreateDhcpOptions<br/>
+CreateRouteTable<br/>
+CreateVpnConnection<br/>
+CreateVpnConnectionRoute<br/>
+CreateVpnGateway<br/>
+DeleteCustomerGateway<br/>
+DeleteDhcpOptions<br/>
+DeleteRouteTable<br/>
+DeleteVpnConnection<br/>
+DeleteVpnConnectionRoute<br/>
+DeleteVpnGateway<br/>
+DetachVpnGateway<br/>
+DisassociateRouteTable<br/>
+ReplaceRouteTableAssociation<br/>
+
+
+### <a name="troubleshooting"></a>Troubleshooting
+
+#### Do you believe you're seeing a discrepancy between your data in Cloudwatch and Datadog?
+
 <p>There are two important distinctions to be aware of:</p>
 <ol>
 <li>In AWS for counters, a graph that is set to 'sum' '1minute' shows the total number of occurrences
 in one minute leading up to that point, i.e. the rate per 1 minute.  Datadog is
-displaying the raw data from AWS normalized to per second values, regardless of the 
+displaying the raw data from AWS normalized to per second values, regardless of the
 timeframe selected in AWS, which is why you will probably see our value as lower.</li>
 
-<li>Overall, min/max/avg have a different meaning within AWS than in Datadog. 
-In AWS, average latency, 
+<li>Overall, min/max/avg have a different meaning within AWS than in Datadog.
+In AWS, average latency,
 minimum latency, and maximum latency are three distinct metrics that AWS collects.
-When Datadog pulls metrics from AWS Cloudwatch, we only get the average latency as a single time 
+When Datadog pulls metrics from AWS Cloudwatch, we only get the average latency as a single time
 series per ELB.
 Within Datadog, when you are selecting 'min', 'max', or 'avg', you are
 controlling how multiple time series will be combined. For example, requesting
@@ -93,3 +233,9 @@ <h4>Do you believe you're seeing a discrepancy between your data in Cloudwatch a
 result.</li>
 </ol>
 
+#### Metrics delayed?
+
+<p>When using the AWS integration, we're pulling in metrics via the Cloudwatch API. There is a delay that can occur which is a byproduct of how we’re constrained when crawling the CloudWatch APIs. This is a limitation of AWS Cloudwatch; standard metrics are captured by AWS every 3-5 minutes, may not be exposed by the AWS Cloudwatch APIs before 10 minutes and we are then subject to API throttling when we crawl them, which can result in a slight delay. Overall, we're always looking to cut down on this delay and have a faster priority crawler currently in Beta.</p>
+
+<p>For metrics with zero delay, we recommend installing the Datadog Agent on those hosts. We’ve written a bit about this here (especially in relation to CloudWatch):
+<a href="http://www.datadoghq.com/2013/10/dont-fear-the-agent/">www.datadoghq.com/2013/10/dont-fear-the-agent</a></p>