Forked from miketheman/datadog-role-delegation.json
Created
February 28, 2018 17:24
-
-
Save naviat/5197508bc2f23ca311877db83da94cd7 to your computer and use it in GitHub Desktop.
Datadog AWS Integration Automated Setup - CloudFormation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "AWSTemplateFormatVersion": "2010-09-09", | |
| "Parameters": { | |
| "SharedSecret": { | |
| "Default": "SOOPASEKRET", | |
| "Description": "Shared Secret, aka External ID", | |
| "Type": "String", | |
| "NoEcho": "true" | |
| } | |
| }, | |
| "Resources": { | |
| "DatadogAWSIntegrationRole": { | |
| "Type": "AWS::IAM::Role", | |
| "Properties": { | |
| "AssumeRolePolicyDocument": { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Action": "sts:AssumeRole", | |
| "Effect": "Allow", | |
| "Condition": { | |
| "StringEquals": { "sts:ExternalId": { "Ref": "SharedSecret" } } | |
| }, | |
| "Principal": { "AWS": "arn:aws:iam::464622532012:root" } | |
| } | |
| ] | |
| }, | |
| "Path": "/" | |
| } | |
| }, | |
| "DatadogAWSIntegrationPolicy": { | |
| "Type": "AWS::IAM::ManagedPolicy", | |
| "Properties": { | |
| "PolicyDocument": { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Action": [ | |
| "autoscaling:Describe*", | |
| "cloudtrail:DescribeTrails", | |
| "cloudtrail:GetTrailStatus", | |
| "cloudwatch:Describe*", | |
| "cloudwatch:Get*", | |
| "cloudwatch:List*", | |
| "ec2:Describe*", | |
| "ec2:Get*", | |
| "ecs:Describe*", | |
| "ecs:List*", | |
| "elasticache:Describe*", | |
| "elasticache:List*", | |
| "elasticloadbalancing:Describe*", | |
| "elasticmapreduce:List*", | |
| "iam:Get*", | |
| "iam:List*", | |
| "kinesis:Get*", | |
| "kinesis:List*", | |
| "kinesis:Describe*", | |
| "logs:Get*", | |
| "logs:Describe*", | |
| "logs:TestMetricFilter", | |
| "rds:Describe*", | |
| "rds:List*", | |
| "route53:List*", | |
| "ses:Get*", | |
| "ses:List*", | |
| "sns:List*", | |
| "sns:Publish", | |
| "sqs:GetQueueAttributes", | |
| "sqs:ListQueues", | |
| "sqs:ReceiveMessage" | |
| ], | |
| "Effect": "Allow", | |
| "Resource": "*" | |
| } | |
| ] | |
| }, | |
| "Path": "/", | |
| "Roles": [ { "Ref": "DatadogAWSIntegrationRole" } ] | |
| } | |
| } | |
| }, | |
| "Outputs": { | |
| "RoleName": { | |
| "Description": "The IAM Role to share with Datadog", | |
| "Value": { "Fn::GetAtt": [ "DatadogAWSIntegrationRole", "Arn" ] } | |
| }, | |
| "SharedSecret": { | |
| "Description": "The Shared Secret aka External ID", | |
| "Value": { "Ref": "SharedSecret" } | |
| } | |
| } | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ aws cloudformation create-stack --stack-name DatadogAWSIntegration --capabilities CAPABILITY_IAM --template-body file://datadog-role-delegation.json --parameters ParameterKey=SharedSecret,ParameterValue=some-complex-generated-shared-secret | |
| { | |
| "StackId": "arn:aws:cloudformation:us-east-1:123456789012:stack/DatadogAWSIntegration/some-long-guid" | |
| } | |
| $ aws cloudformation describe-stacks --stack-name DatadogAWSIntegration --output json | jq '.Stacks[].Outputs[]' | |
| { | |
| "Description": "The IAM Role to share with Datadog", | |
| "OutputKey": "RoleName", | |
| "OutputValue": "arn:aws:iam::123456789012:role/DatadogAWSIntegration-DatadogAWSIntegrationRole-ILKF6RXU0UQT" | |
| } | |
| { | |
| "Description": "The Shared Secret aka External ID", | |
| "OutputKey": "SharedSecret", | |
| "OutputValue": "some-complex-generated-shared-secret" | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment