A Guide to Integrating 100+ AWS Accounts with Datadog
October 15, 2025
Overview
Organizations operating at scale in the cloud often manage a large number of AWS accounts to achieve isolation, compliance, proper cost allocation, and operational efficiency. However, this approach introduces complexity when it comes to integrating observability solutions consistently across all accounts. This guide provides a prescriptive framework for integrating a large number of AWS accounts with Datadog.
Why Multi-Account Integration Matters for Observability
As your AWS footprint grows, consolidating observability data becomes critical to:
- Centralize Observability: Reduce context switching across accounts by having visibility into metrics, logs, and traces in a single Datadog organization.
- Automate Deployments at Scale: Using infrastructure as code (IaC), avoid manual and error-prone configurations.
- Improve Security Posture: Implement a least privilege access model and gain visibility into misconfigurations across all accounts using Datadog Cloud Security.
- Support Compliance and Governance Rules: Comply with your organization’s best practices for operating multiple production/non-production or regulatory environments and domains.
- Unify Incident Response: Detect and respond to incidents faster with unified anomaly detection and alerting across all accounts.
- Optimize Cost and Usage Attribution: Track costs easily by organizing usage by AWS accounts, organization units, and resources grouped by tags.
Integration Approaches
The right integration method will depend on your AWS account management structure, IaC tooling, and operational goals.
1. AWS CloudFormation
AWS CloudFormation is an infrastructure-as-code (IaC) service that allows you to model, provision, and manage AWS resources. This is the best choice if you want to quickly get started with integrating Datadog.
You can find step-by-step instructions on getting started with Datadog AWS CloudFormation in our documentation.
Things to note for CloudFormation:
- Log in to the correct AWS account in the AWS Management Console before launching the CloudFormation template from the Datadog console.
- Once launched, monitor the CloudFormation stacks to ensure that the stack is created successfully.
- Wait up to 5–10 minutes for data to be collected by Datadog.
- Use the out-of-the-box AWS Overview Dashboard to see metrics sent by your AWS account and services.
2. AWS Organizations with CloudFormation StackSets
AWS Organizations enables centralized account management for large-scale AWS accounts and resources with little to no management overhead. It provides scalable automation, native support for centralized governance, and automatic integration with Datadog for future accounts.
You can find step-by-step instructions on getting started with Datadog AWS integration for AWS Organizations in our documentation.
Things to note for AWS Organizations:
- Your AWS user must have access to the AWS Organization management account.
- Ensure that you have activated trusted access for stack sets with AWS Organizations. Refer to AWS CloudFormation documentation for more details.
3. Terraform
For enterprise-scale and multi-cloud environments, Terraform offers greater flexibility and ease of management with hundreds of AWS accounts. It is an ideal choice for organizations with diverse infrastructure, such as a mix of on-prem, cloud, SaaS integrations, or other sources. Combined with the benefits of AWS infrastructure management, Datadog’s Terraform provider, and Datadog’s AWS integration with Terraform, you can automate observability at scale.
You can find step-by-step instructions on configuring the Datadog Terraform Provider for AWS integrations in our documentation.
Things to note for Terraform:
- The `datadog_integration_aws_account` resource replaced the `datadog_integration_aws` resource of the Datadog Terraform provider.
- It may take up to 10 minutes for data to be collected by Datadog after performing `terraform apply`.
- You can see further examples in the Terraform Registry.
- Never hardcode Datadog API or application keys in your Terraform files. Use environment variables, AWS Secrets Manager, or HashiCorp Vault to keep credentials secure.
- Review your API URL in the provider block to ensure that you are using the correct region.
- Ensure that `sts:AssumeRole` is properly configured.
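As an added example (not from the original guide or from Datadog's code), the Python check below scans Terraform source for literal `api_key` or `app_key` values inside a `provider "datadog"` block, which is the hardcoding the note above warns against. The function name and both sample configurations are constructed for illustration.

```python
import re

# Literal string assigned to a credential argument; "${...}" interpolation is excluded.
LITERAL = re.compile(r'^\s*(api_key|app_key)\s*=\s*"([^"$]+)"\s*(?:#.*)?$')
PROVIDER = re.compile(r'^\s*provider\s+"datadog"\s*\{')

def find_hardcoded_keys(tf_source):
    """Return (line_number, argument) for each literal key in a provider "datadog" block.

    Assumes terraform fmt layout: one argument per line.
    """
    findings, depth, in_provider = [], 0, False
    for lineno, line in enumerate(tf_source.splitlines(), start=1):
        if not in_provider:
            if PROVIDER.match(line):
                in_provider, depth = True, 1
            continue
        match = LITERAL.match(line)
        if match:
            findings.append((lineno, match.group(1)))
        depth += line.count("{") - line.count("}")
        if depth <= 0:
            in_provider = False
    return findings

# Constructed sample: placeholder values, not real keys.
BAD_TF = '''provider "datadog" {
  api_key = "EXAMPLE-NOT-A-REAL-API-KEY"
  app_key = "EXAMPLE-NOT-A-REAL-APP-KEY"
}
'''

# Constructed sample: keys come from sensitive variables (or from the
# DD_API_KEY / DD_APP_KEY environment variables if the arguments are omitted).
GOOD_TF = '''variable "datadog_api_key" {
  type      = string
  sensitive = true
}

provider "datadog" {
  api_key = var.datadog_api_key
  app_key = var.datadog_app_key
}
'''

if __name__ == "__main__":
    print("BAD_TF :", find_hardcoded_keys(BAD_TF))
    print("GOOD_TF:", find_hardcoded_keys(GOOD_TF))
```

A check like this fits in a pre-commit hook or CI step so that a literal key fails the build before it reaches version control.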
4. AWS Control Tower
AWS Control Tower helps automate the setup and governance of multi-account AWS environments. For large organizations managing hundreds of AWS accounts, Control Tower simplifies lifecycle management by using Account Factory to build standardized accounts. By integrating Datadog into the creation process of the accounts, organizations can automatically deploy and configure Datadog’s AWS integration as part of the workflow. This enables new accounts to be observability-ready from day one.
A detailed walkthrough of this approach can be found in this AWS blog.
Things to note for AWS Control Tower:
- AWS Control Tower relies on lifecycle events to trigger the deployment of the Datadog AWS integration stack. Sometimes, there can be delays before the stack is deployed. This can affect monitoring readiness.
- The integration stack creates an IAM role `DatadogIntegrationRole` in each managed account. Pre-existing roles with conflicting names can cause deployment failures.
- Ensure that `sts:AssumeRole` is properly configured.
- If StackSet quota limits have been reached, deployment of StackSets will fail, which may leave AWS accounts unmonitored.
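The `sts:AssumeRole` notes in the Terraform and Control Tower sections can be checked per account with the added example below, which is not part of the original guide. It assumes "properly configured" means the role's trust policy allows only the Datadog AWS account and requires the external ID generated for that account's integration; the account ID, external ID and helper names are constructed placeholders.

```python
import json

def _as_list(value):
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _account_of(principal):
    # "arn:aws:iam::111111111111:root" -> "111111111111"; bare IDs pass through.
    parts = principal.split(":")
    return parts[4] if parts[0] == "arn" and len(parts) > 4 else principal

def audit_trust_policy(policy_json, trusted_account_id, external_id):
    """Return findings for one role's trust policy; an empty list means it passes."""
    findings = []
    statements = _as_list(json.loads(policy_json).get("Statement"))
    allows = [s for s in statements if s.get("Effect") == "Allow"
              and "sts:AssumeRole" in _as_list(s.get("Action"))]
    if not allows:
        return ["no Allow statement grants sts:AssumeRole"]
    for s in allows:
        principal = s.get("Principal")
        aws = _as_list(principal.get("AWS") if isinstance(principal, dict) else principal)
        if not aws:
            findings.append("no AWS principal on the sts:AssumeRole statement")
        for p in aws:
            if p == "*":
                findings.append("wildcard principal can assume the role")
            elif _account_of(p) != trusted_account_id:
                findings.append("unexpected principal: " + p)
        # IAM condition keys are case-insensitive, so normalise before lookup.
        equals = s.get("Condition", {}).get("StringEquals", {})
        ids = _as_list({k.lower(): v for k, v in equals.items()}.get("sts:externalid"))
        if not ids:
            findings.append("no sts:ExternalId condition")
        elif ids != [external_id]:
            findings.append("sts:ExternalId does not match this account's integration")
    return findings

# Constructed sample policies; the account ID and external ID are placeholders.
def _policy(principal, condition=None):
    stmt = {"Effect": "Allow", "Principal": principal, "Action": "sts:AssumeRole"}
    if condition:
        stmt["Condition"] = condition
    return json.dumps({"Version": "2012-10-17", "Statement": [stmt]})

GOOD = _policy({"AWS": "arn:aws:iam::111111111111:root"},
               {"StringEquals": {"sts:ExternalId": "constructed-external-id"}})
WEAK = _policy({"AWS": "*"})
```

Feed it the trust policy of `DatadogIntegrationRole` exported from each account; a non-empty result names what to fix in that account.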
Comparison Table
Setup Method | When to Use | Pros | Cons |
---|---|---|---|
AWS CloudFormation | You want to get started quickly with Datadog, and your teams already manage AWS resources via CloudFormation. You can deploy Datadog’s AWS integration to your AWS account(s) using CloudFormation, which provides infrastructure as code (IaC) capabilities. | | |
AWS Organizations | You want to use AWS-native management and governance tools. You can configure AWS Organizations to deploy to all of your AWS accounts, and also to newly added accounts, by deploying a StackSet. | | |
Terraform | You want to use an IaC tool that is not AWS-native, or you want to customize the deployment of Datadog’s AWS integration beyond what is possible with CloudFormation. You are also managing a multi-cloud infrastructure. | | |
Control Tower | You are setting up or managing a multi-account AWS environment with guardrails and want to integrate Datadog as part of the baseline account provisioning process. | | |
Additional Tips
- Before you begin integrating your AWS accounts with Datadog, ensure that you have a good understanding of your AWS environment and your Datadog requirements.
- Create a plan for how you want to deploy Datadog’s AWS integration to your existing accounts and to new accounts added through organic growth and/or mergers and acquisitions. This will help you avoid any problems or delays during the deployment process.
- Test your Datadog deployment thoroughly before placing it into production.
- If you already have AWS accounts integrated in Datadog manually, be sure to re-integrate them using the IaC or native tool you have chosen so that they can be managed with the new method.
Authors
Lowell Abraham, Sr. Product Solutions Architect
Cloud Integrations, Datadog