Is there any way to restrict, select or filter AWS regions in Datadog for AWS integration?
I know that we can filter resources on the basis of tags, but all the resources for all of the AWS services do not have a tag with the region specified. Also, there are more than 25 AWS accounts, so adding that tag across all the resources in all the AWS services used would be a very long task.
Is there any quick way to do it?
The reason why we need that is to reduce the cost of the Get API calls caused by Datadog across all the AWS regions in all the AWS accounts. Also, we don’t want to give unnecessary access to other AWS regions to Datadog.
2 Answers
There are 2 things you need to do to achieve this:
Further elaboration: The 2nd step is enough, but there could be a case where a new AWS account is added from the Datadog console/GUI and you forget to add the excluded regions, because you cannot specify the excluded regions on the Datadog console/GUI. You have to use the Datadog API for that purpose. So the 1st step can help us identify such a configuration for an AWS account that is missing the excluded regions, as it will show an error on the Datadog Integration for AWS regarding access not allowed to regions. Also, the 1st step adds an extra layer of security.
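The gap described in the answer above (an account added through the console with no excluded regions) can also be caught by auditing the integration configuration. This is an added example, not code from the original answer or from Datadog; it assumes each account object returned by Datadog's AWS integration API carries an `excluded_regions` list, and the allowed-region set, region list and account IDs are constructed for illustration.

```python
import json

# Assumption: the only regions Datadog should collect from.
ALLOWED_REGIONS = {"us-east-1", "eu-west-1"}

# Constructed region list; in practice, take it from `aws ec2 describe-regions`.
ALL_REGIONS = {"us-east-1", "us-east-2", "us-west-2",
               "eu-west-1", "eu-central-1", "ap-southeast-1"}

# Constructed sample, shaped like the account listing of the AWS integration API.
SAMPLE_RESPONSE = json.dumps({"accounts": [
    # Configured through the API with every unwanted region excluded.
    {"account_id": "111111111111", "role_name": "DatadogRole",
     "excluded_regions": ["ap-southeast-1", "eu-central-1", "us-east-2", "us-west-2"]},
    # Added from the console: no exclusions were ever set.
    {"account_id": "222222222222", "role_name": "DatadogRole"},
    # Partially configured.
    {"account_id": "333333333333", "role_name": "DatadogRole",
     "excluded_regions": ["us-east-2", "us-west-2"]},
]})


def required_exclusions(allowed, all_regions):
    """Regions that must appear in excluded_regions for every account."""
    return sorted(all_regions - allowed)


def audit_excluded_regions(response_text, allowed, all_regions):
    """Return {account_id: [regions still collected but not allowed]}."""
    findings = {}
    for account in json.loads(response_text).get("accounts", []):
        # A missing or null field means nothing is excluded.
        excluded = set(account.get("excluded_regions") or [])
        exposed = all_regions - allowed - excluded
        if exposed:
            findings[account.get("account_id", "<unknown>")] = sorted(exposed)
    return findings


if __name__ == "__main__":
    print("must exclude:", required_exclusions(ALLOWED_REGIONS, ALL_REGIONS))
    report = audit_excluded_regions(SAMPLE_RESPONSE, ALLOWED_REGIONS, ALL_REGIONS)
    for account_id, regions in report.items():
        print(f"{account_id}: still collecting from {', '.join(regions)}")
```

Run on a schedule against the real account listing, a non-empty result identifies accounts whose exclusions need to be set through the API.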
This is finally possible via the Datadog console as well!
To allow/restrict any region: Log in to your Datadog account > Integrations > AWS > Select integration (AWS account) > General > Regions.
Here is a screenshot: