AWS GovCloud (US) is an isolated region in the AWS cloud that was created for customers with increased regulatory and compliance requirements for cloud usage, including government agencies and educational institutions. Due to AWS GovCloud’s (US) adherence to US Government regulations and compliance, some services and technologies have been appropriately slower to reach customers. For example, until recently Datadog did not monitor GovCloud-hosted infrastructure. Today we are happy to announce that this is no longer the case—Datadog now offers complete monitoring of all AWS GovCloud (US) components in your infrastructure.
Datadog allows you to monitor everything happening in your AWS GovCloud (US) environment, including your latency, system utilization, healthy/unhealthy host count, native metrics from 400+ different technologies, and more—all while keeping your team in the loop.
We now offer an extension to our original AWS integration which allows Datadog to collect metrics from AWS GovCloud (US).
A key difference between the standard AWS integration and the AWS GovCloud (US) integration is how Datadog accesses your metrics. With standard AWS infrastructure you can either create and delegate a new role for Datadog to have read-only access or set up AWS access keys to pull metrics via API. AWS GovCloud (US), on the other hand, only allows for Datadog to access your metrics via API access keys because AWS GovCloud (US) does not allow role delegation for accounts outside of the protected region.
Granting API access is simple and allows Datadog to pull metrics automatically from AWS GovCloud (US). Once these metrics are in Datadog, you can correlate them to metrics from the rest of your stack and keep track of changes within your infrastructure in custom or pre-built AWS screenboards, as well as communicate any issues or changes to your teammates through in-graph notes and via the Events Stream.
Most infrastructure metrics are not considered to be sensitive data, but nonetheless please be aware that the Datadog platform itself is not running in GovCloud. If some of your metrics are sensitive, we recommend that you either anonymize or omit them. If you have any further questions, please get in touch with our Support team.
To start monitoring AWS GovCloud (US), you first need to create a new policy in your IAM Console with permissions allowing access to the metrics you’d like to monitor. You can grant as many or as few permissions as you’d like, but we recommend you at least include permissions for AWS EC2 and Amazon CloudWatch.
Once you have set up your permissions, create a user within the Console that is accessible via access keys. These credentials are what you’ll use to grant secure permission to Datadog, so it’s important to store them in a safe location in case you need to refer to them after setup.
Within your Datadog account, open the AWS Integration tile, which lets you configure the integration. Choose the “Access Keys” tab above the credentials field and enter the Secret and Access keys you created in the step above. At this point, you can also specify optional tags to be added automatically to your hosts and metrics.
On the left side of this configuration screen, select the metrics you granted permission to collect in the Console and click ‘Install Integration.’ In just a few minutes, your metrics will begin appearing in Datadog dashboards.
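Because the integration relies on long-lived access keys, it is worth checking that the IAM policy from the first step grants only read access before attaching it to the user. The Python check below is an added example, not Datadog's code: the `Describe`/`Get`/`List` read-only heuristic, the function names and both sample policies are assumptions constructed for illustration.

```python
import json

# Assumption: an action counts as read-only when its verb starts with one of these.
READ_ONLY_VERBS = ("describe", "get", "list")
# Services the post recommends covering at a minimum.
REQUIRED_SERVICES = {"ec2", "cloudwatch"}

def _as_list(value):
    """IAM allows a single string/object or a list for Statement and Action."""
    return value if isinstance(value, list) else [value]

def audit_policy(policy_json):
    """Return a list of findings; an empty list means the policy passed."""
    policy = json.loads(policy_json)
    findings, covered = [], set()
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen access
        if "NotAction" in stmt:
            findings.append(f"statement {i}: Allow with NotAction grants every unlisted action")
        for action in _as_list(stmt.get("Action", [])):
            service, _, verb = action.lower().partition(":")  # actions are case-insensitive
            if service == "*" or verb in ("", "*"):
                findings.append(f"statement {i}: wildcard or malformed action {action!r}")
            elif not verb.startswith(READ_ONLY_VERBS):
                findings.append(f"statement {i}: {action!r} is not a read-only action")
            else:
                covered.add(service)
    for service in sorted(REQUIRED_SERVICES - covered):
        findings.append(f"no read-only access granted for {service}")
    return findings

# Constructed sample policies (not taken from the post).
GOOD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Resource": "*",
                   "Action": ["ec2:Describe*", "cloudwatch:Get*", "cloudwatch:List*"]}],
})
BAD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": {"Effect": "Allow", "Resource": "*",
                  "Action": ["ec2:*", "cloudwatch:Get*", "iam:CreateAccessKey"]},
})

if __name__ == "__main__":
    for name, doc in (("good", GOOD_POLICY), ("bad", BAD_POLICY)):
        print(name, audit_policy(doc) or "OK")
```

The prefix heuristic is deliberately conservative: it flags anything that is not clearly a read, so review each finding against the service's documented actions instead of treating the result as authoritative.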
For troubleshooting, check out our AWS docs page and follow the instructions for the API access keys.
If you are already a Datadog customer, you can try the AWS GovCloud (US) integration today. Otherwise, to try it out in your environment, sign up for a free 14-day trial of Datadog. For further information on how to optimally set up monitoring for the different AWS technologies, see our other AWS articles.