AWS EventBridge’s partner integration with Datadog is a surprisingly flexible way to get Datadog events into AWS, but it’s not just about receiving them.
Imagine you’re running a critical application in AWS and you want Datadog to be your single source of truth for alerts. You’ve configured Datadog monitors, and now you want those alerts to trigger AWS actions – perhaps sending a notification to an SNS topic, invoking a Lambda function to remediate an issue, or even updating a Jira ticket. This is where the EventBridge partner integration shines.
Let’s look at this live. Here’s a sample Datadog event JSON, the kind that might be sent to EventBridge:
{
  "id": "e4a3b2c1-d0f9-4e8a-8b7c-6d5a4b3c2d1e",
  "eventType": "monitor.alert",
  "resource": {
    "name": "High CPU Utilization on Web Servers",
    "type": "host",
    "id": "i-0123456789abcdef0",
    "url": "https://app.datadoghq.com/monitors/123456"
  },
  "alertInfo": {
    "state": "ALERT",
    "message": "CPU utilization on web servers is above 90% for 15 minutes."
  },
  "account": {
    "id": "9876543210",
    "name": "MyAwesomeOrg"
  },
  "occurrences": [
    {
      "timestamp": 1678886400,
      "alertgrouptype": "group",
      "alertgroup": "webserver-group-1"
    }
  ],
  "tags": ["environment:production", "service:web"],
  "title": "[ALERT] High CPU Utilization on Web Servers"
}
When Datadog sends this event to EventBridge, it arrives as a standard JSON payload. EventBridge then acts as the central nervous system. You define rules within EventBridge that inspect this incoming JSON. These rules specify what to look for (the event pattern) and where to send it (the target).
Here’s how you’d set up a rule in the AWS console. You navigate to EventBridge, click "Create rule," and give it a name like Datadog-HighCPUAlerts.
The crucial part is defining the Event pattern. For our example Datadog event, you might want to trigger on any Datadog alert. The pattern would look something like this:
{
  "source": ["com.datadoghq"],
  "detail-type": ["monitor.alert"],
  "detail": {
    "alertInfo": {
      "state": ["ALERT"]
    }
  }
}
This pattern tells EventBridge: "Only consider events that came from the com.datadoghq partner source, have a detail-type of monitor.alert, and within the detail object, have alertInfo.state set to ALERT."
Once you have a matching event, you need a Target. This is where the action happens. You could select an SNS topic. Let’s say you have an SNS topic with the ARN arn:aws:sns:us-east-1:123456789012:DatadogAlertsTopic. EventBridge will publish the entire Datadog event JSON as a message to this SNS topic.
Alternatively, you could trigger a Lambda function. You’d select "Lambda function" as the target and choose your DatadogAlertHandler function. This function would receive the Datadog event payload in its event parameter. Inside the Lambda, you could parse the JSON, extract resource.name and alertInfo.message, and then take action, like creating a ticket in Jira using the AWS SDK.
The real power comes from combining these. You can have multiple rules for different types of Datadog events. A monitor.alert might go to SNS and a Lambda for immediate notification and remediation. A monitor.recovery event could trigger a different Lambda to close the corresponding Jira ticket. You can also use Datadog’s tagging system within your EventBridge rules. If your Datadog event has tags: ["environment:production", "service:web"], you can filter in EventBridge:
{
  "source": ["com.datadoghq"],
  "detail-type": ["monitor.alert"],
  "detail": {
    "alertInfo": {
      "state": ["ALERT"]
    },
    "tags": ["environment:production"]
  }
}
This allows you to route alerts from your production environment to a more urgent notification channel than, say, staging.
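To check a rule against a sample event before deploying it, the following added example (not AWS or Datadog code) evaluates a simplified subset of EventBridge pattern semantics locally: exact values, {"prefix": ...} filters, nested objects and array fields. The function names, the PROD_ALERTS and ANY_ENV_TAG patterns, and the envelope that places the sample payload under detail are assumptions made for illustration.

```python
# Added example: simplified local evaluator for a subset of EventBridge
# event-pattern semantics. Not AWS code; the service itself is authoritative.

def _leaf_matches(value, candidates):
    """True if a scalar event value satisfies any entry in a pattern list."""
    for cand in candidates:
        if isinstance(cand, dict):
            prefix = cand.get("prefix")
            if isinstance(prefix, str) and isinstance(value, str) \
                    and value.startswith(prefix):
                return True
        elif cand == value and type(cand) is type(value):
            return True
    return False

def matches(pattern, event):
    """Every key in the pattern must be present in the event and match."""
    if not isinstance(event, dict):
        return False
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):      # nested object: recurse
            if not matches(expected, actual):
                return False
        else:                               # list of acceptable values
            # An array field matches if ANY element satisfies the pattern.
            values = actual if isinstance(actual, list) else [actual]
            if not any(_leaf_matches(v, expected) for v in values):
                return False
    return True

# Constructed envelope (assumption): the page's payload, trimmed, under "detail".
def sample_event(state="ALERT", tags=("environment:production", "service:web")):
    return {"source": "com.datadoghq", "detail-type": "monitor.alert",
            "detail": {"alertInfo": {"state": state}, "tags": list(tags)}}

PROD_ALERTS = {
    "source": ["com.datadoghq"],
    "detail-type": ["monitor.alert"],
    "detail": {"alertInfo": {"state": ["ALERT"]},
               "tags": ["environment:production"]},
}
ANY_ENV_TAG = {"detail": {"tags": [{"prefix": "environment:"}]}}

if __name__ == "__main__":
    print(matches(PROD_ALERTS, sample_event()))
    print(matches(PROD_ALERTS, sample_event(tags=["environment:staging"])))
```

A pattern key that is absent from the event never matches, so a rule written against a misspelled field silently drops every alert; testing rules against captured events catches that before an alert goes unrouted.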
The one thing that often trips people up is understanding how Datadog pushes these events. It’s not a pull mechanism. Datadog configures a webhook within its platform that points to a specific EventBridge endpoint (which EventBridge provides when you set up the partner integration). When a Datadog monitor triggers, Datadog makes an HTTP POST request to that endpoint with the event payload. EventBridge then receives this POST, validates it (implicitly, as it’s a trusted partner integration), and immediately begins evaluating it against your defined rules.
The next step you’ll likely explore is creating custom event buses in EventBridge to better segregate your Datadog-related traffic from other AWS events.