
Jessie Wu

Colten Woo
Properly configured resources are the foundation of reliable, secure, and cost-effective applications in the cloud. But as organizations adopt multi-cloud architectures, provision more resources across more accounts, and scale services on demand, engineers often don’t know what’s been deployed, let alone whether it aligns with best practices. Without a centralized way to define and enforce infrastructure governance standards, even small misconfigurations can become bigger problems, making teams reactive to issues.
Datadog Resource Policies offers a proactive approach to infrastructure management by giving cloud platform teams the flexibility to define policies for cloud infrastructure resources based on internal best practices and industry compliance standards. Once policies are defined, organizations have a unified view of configuration compliance in Datadog, breaking down silos by giving teams direct insight into misconfigured resources. Developers can then initiate remediation workflows directly in the platform.
In this blog post, we’ll show you how you can:
- Align your organization on infrastructure best practices
- Assess your infrastructure compliance
- Remediate misconfigurations with instructions and Native Actions
Align your organization on infrastructure best practices
Jumpstart infrastructure governance initiatives with out-of-the-box Policy Templates
Policy Templates are out-of-the-box templates shaped by the expertise of cloud providers and experiences of our customers. These templates span reliability, cost optimization, operational excellence, and versioning, providing actionable guidance on ways to optimize resource configuration. By using Policy Templates, you can focus your efforts on tracking and remediating problematic resources rather than designing policies.

Create flexible custom policies based on your organization’s best practices
When you want to enforce best practices unique to your organization, you can define a custom policy in just a few clicks. To create a policy, first choose an AWS, Microsoft Azure, or Google Cloud resource. Next, you simply need to define the resource’s optimal configuration by selecting the attribute you want properly configured and its desired value. Datadog provides you with flexible queries to create your policies. In addition to policies for your resource configurations, you can also define tagging policies to ensure resources are consistently tagged across your infrastructure.
Assess your infrastructure compliance
After creating a policy, your resources are evaluated in real time to show you noncompliant resources that need attention. You can compare compliance scores across all your policies to see how you’re tracking toward your goals and what areas need attention.
You can also evaluate policy performance across teams, services, or any custom tags to help you prioritize outreach to low-performing teams. As shown in the image below, you can choose to group your policies by service; for example, after seeing that the service rcapi has relatively low compliance against many policies, you can reach out to the engineering team who owns that service. You can then use filters to create a shareable view for the rcapi team that shortens feedback loops and remediation times.

Remediate misconfigurations with instructions and Native Actions
When you create a custom policy, you can include remediation instructions so that teams can confidently and consistently take action. All Policy Templates come equipped with suggested remediation steps based on industry best practices, as well as automated workflows in some cases. Using Datadog Native Actions, you can remediate misconfigurations without ever leaving Datadog for the following use cases:
- Amazon RDS Instances should be configured with Multi-AZ deployment
- Amazon EBS Volume Type should be upgraded from GP2 to GP3
- Amazon DynamoDB Point-In-Time Recovery should be enabled
- Google Compute Instances should have automatic restart enabled
As you can see below, when using specific Policy Templates, you can enable the workflow action for that policy and leave instructions for the responsible team to run the action for non-compliant resources. This allows them to make the configuration updates to your cloud console from Datadog.
Proactively govern your infrastructure with Datadog
As modern infrastructure continues to evolve and scale, the risks and costs of letting your resource configurations go unchecked grow with it. Datadog Resource Policies helps you get ahead of these risks by enabling you to define configuration best practices, giving you visibility into misconfigurations across your entire environment and the tools to kick off remediation. With out-of-the-box templates, custom policy creation, and real-time compliance tracking, engineering teams can drive consistency and control without slowing down innovation.
Check out our documentation for more information on Datadog Resource Policies and sign up for the Preview to start using it today. If you’re not yet a Datadog user, you can sign up with a 14-day free trial.