 |
VOOZH | about |
|
VOOZH | about |
Set up Storage Management for Amazon S3 with one of the following methods:
The in-product setup walks you through three steps: configuring an AWS account, selecting buckets and enabling S3 Inventory and access logs, and finishing setup. A CloudFormation stack applies the required changes in your AWS account.
To start, navigate to Infrastructure > Storage Management and click Try Storage Management.
Use the official Datadog Storage Management Terraform module to configure S3 Inventory and forward S3 access logs. The module:
To use the example below:
<AWS_REGION> with your AWS region.<MODULE_NAME> with a unique name for this module instance.<DATADOG_AWS_INTEGRATION_ROLE_NAME> with the name of your Datadog AWS integration IAM role.<SOURCE_BUCKET_1>, <SOURCE_BUCKET_2>, and so on with the names of the buckets to monitor.<DESTINATION_BUCKET_NAME> with the name of the bucket that receives your inventory files.<DATADOG_FORWARDER_FUNCTION_NAME> with the name of your Datadog Forwarder Lambda function (only required if enabling access logs).For more options, see the module documentation.
provider "aws" {
region = "<AWS_REGION>"
}
provider "datadog" { # Configure with environment variables:
# DD_API_KEY, DD_APP_KEY, DD_SITE
}
module "datadog_storage_management" {
source = "DataDog/storage-management-datadog/aws"
name = "<MODULE_NAME>"
datadog_aws_integration_role_name = "<DATADOG_AWS_INTEGRATION_ROLE_NAME>"
source_bucket_names = ["<SOURCE_BUCKET_1>", "<SOURCE_BUCKET_2>"]
destination_bucket_name = "<DESTINATION_BUCKET_NAME>" # Prefix within the destination bucket where inventory files are written.
# Defaults to "datadog-inventories/". The module keeps the inventory
# configuration, bucket policy, and IAM permissions consistent with this
# value. Datadog recommends to use the default value.
# destination_prefix = "datadog-inventories/"
# Bucket policy: "none", "create", or "merge" (default)
destination_bucket_policy_management = "merge" # Optional: Enable S3 access logs for prefix-level request and latency metrics
enable_access_logging = true
datadog_forwarder_function_name = "<DATADOG_FORWARDER_FUNCTION_NAME>"
}
After enabling S3 Inventory, it can take up to 24 hours for the first inventory reports to be generated. To verify that inventories are being generated, go to your destination bucket in the AWS console and confirm that inventory files appear in the destination prefix you specified.
After you confirm inventory files are present, verify Storage Management is enabled on your buckets by navigating to Storage Management and confirming that your destination bucket is listed.
To manually set up the required Amazon S3 Inventory and related configuration, follow these steps:
After inventory files begin appearing in the destination bucket, register it with Storage Management by calling the Enable Storage Management for a bucket endpoint:
curl -X PUT "https://api.${DD_SITE}/api/v2/cloudinventoryservice/syncconfigs" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d '{
"data": {
"id": "aws",
"type": "cloud_provider",
"attributes": {
"aws": {
"aws_account_id": "<AWS_ACCOUNT_ID>",
"destination_bucket_name": "<DESTINATION_BUCKET_NAME>",
"destination_bucket_region": "<DESTINATION_BUCKET_REGION>",
"destination_prefix": "<DESTINATION_PREFIX>"
}
}
}
}'
To use the example above:
<AWS_ACCOUNT_ID> with the 12-digit AWS account ID that owns the destination bucket.<DESTINATION_BUCKET_NAME> with the name of the destination bucket holding inventory reports.<DESTINATION_BUCKET_REGION> with the AWS region of the destination bucket.<DESTINATION_PREFIX> with the prefix in the destination bucket where your S3 Inventory reports are written, for example datadog-inventories/. This must match the prefix in your S3 Inventory configuration. To read inventory reports from the entire bucket, set the value to /. Leaving the value empty does not read from the entire bucket; it defaults to datadog-inventories/.A 200 response confirms Storage Management is enabled for the destination bucket.
To verify your setup:
Follow these best practices to optimize Storage Management setup:
Configure lifecycle policies for inventory destination buckets: S3 Inventory reports are generated daily and stored in your destination bucket. To prevent old inventory files from accumulating and incurring storage costs, add a lifecycle policy to automatically delete inventory reports older than three days.
Configure life cycle policies for S3 access logs: If you have enabled S3 access logs for prefix-level request metrics, the raw log files accumulate in your destination bucket. After these logs are forwarded to Datadog, the raw files are no longer needed for Storage Management purposes. To automatically delete access log files after forwarding to Datadog, add a life cycle rule.
Note: Before enabling automatic deletion, verify that there are no compliance or audit requirements in your organization that mandate retaining raw S3 access logs for a specific period.
Create exclusion filters for S3 access logs: If S3 access logs are forwarded to Datadog only for Storage Management and don’t need to be indexed for search or analytics, add an exclusion filter to keep them out of indexed log volume.
If you don’t see data for buckets you set up for Storage Management, use the Storage Management Settings page to view all configured buckets, their inventory status, and any configuration errors. The page surfaces issues with actionable remediation steps. If you have any questions, contact Datadog.
Bits Chat for Storage Management is in Preview. To try this skill, request access.
Request AccessFinOps and engineering teams can use Bits Chat and Storage Management to identify S3 cost savings opportunities, generate reports in Datadog Notebooks, and implement recommended changes. To use Bits Chat with Storage Management, enable the storage skill in the Bits Chat settings.
With the storage skill enabled for Bits Chat, you can:
An out-of-the-box Storage Management S3 dashboard template is available to help you visualize the below metrics. You can clone and customize it to fit your needs.
| Metric Name | Notable Tags | Description |
|---|---|---|
| aws.s3.inventory.total_prefix_size | bucketname, prefix, region, storagetype, extension, delete_marker, is_latest | Total amount of data, in bytes, stored in a prefix. |
| aws.s3.inventory.average_prefix_size | bucketname, prefix, region | Average object size, in bytes, for objects in a prefix. |
| aws.s3.inventory.prefix_object_count | bucketname, prefix, region, storagetype, extension, delete_marker, is_latest | The total number of objects stored in a prefix. |
| aws.s3.inventory.prefix_object_count.levels | bucketname, prefixN*, region, storagetype, extension, delete_marker | Object counts aggregated to hierarchical prefix levels, used for treemap visualizations. |
| aws.s3.inventory.total_prefix_size.levels | bucketname, prefixN*, region, storagetype, extension, delete_marker | Prefix size aggregated to hierarchical prefix levels, used for treemap visualizations. |
| aws.s3.inventory.prefix_age_days | bucketname, prefix, region | Age, in days, of the oldest object in the bucket or prefix. |
| aws.s3.inventory.prefix_small_file_size | bucketname, prefix, region, storagetype | Total size, in bytes, of objects smaller than 128KB in a prefix. Helps identify overhead costs on storage tiers like Glacier and Standard-IA. |
| aws.s3.inventory.prefix_small_file_count | bucketname, prefix, region, storagetype | Number of objects smaller than 128KB in a prefix. Helps identify overhead costs on storage tiers like Glacier and Standard-IA. |
| aws.s3.inventory.access_logs.total_requests_by_method | bucketname, prefix, region, method | Total number of requests for objects in a prefix, optionally split by request method (for example, GET or PUT). Requires S3 access logs in Datadog. |
| aws.s3.inventory.access_logs.request_latency_by_method | bucketname, prefix, region, method | Server response time for requests in a prefix, optionally split by request method. Requires S3 access logs in Datadog. |
*prefixN refers to prefix levels such as prefix0, prefix1, prefix2, and so on.
Note: Use the right metric for the question you’re answering:
aws.s3.inventory.prefix_object_count and aws.s3.inventory.total_prefix_size (with the prefix tag) include everything inside a folder and all its subfolders. Use these when you want the total count or size for a specific folder (for example, “how much is in logs/2024/?”).aws.s3.inventory.prefix_object_count.levels and aws.s3.inventory.total_prefix_size.levels (with prefix1, prefix2, prefix3, and so on) count or size objects only at that exact depth. Use these when you want to build a treemap or compare folder sizes across levels (for example, “which top-level folders are the biggest?”).Note: For the most accurate monitoring and visualization, include all object versions to see non-current object recommendations or metrics.
Storage Management analyzes your inventory data and access logs to surface prefix-level recommendations for reducing S3 storage costs. These recommendations are available to all Storage Management customers. Potential savings are estimated using AWS list prices. If you have Cloud Cost Management enabled, recommendations also appear in Cloud Cost Recommendations, and you can track actual savings from optimizations.
Recommendations are run on a daily basis and are automatically refreshed in your account as soon as the recommendations are released.
Seeing recommendations has the following prerequisites:
Transition unaccessed S3 data in prefix to Infrequent Access
Expire old non-current version objects in S3 bucket prefix
Consolidate small files in prefix to minimize per-object storage costs
| |
