feat: 6764: add metrics collection and update iam role

OmarNour14 · OmarNour14 · commit 440d86e71419 · 2022-11-11T14:14:25.000Z
diff --git a/main.tf b/main.tf
@@ -11,6 +11,7 @@ resource "datadog_integration_aws" "core" {
   excluded_regions                 = var.excluded_regions
   filter_tags                      = var.filter_tags
   resource_collection_enabled      = var.resource_collection_enabled
+  metrics_collection_enabled       = var.metrics_collection_enabled 
   cspm_resource_collection_enabled = var.cspm_resource_collection_enabled
 }
 
@@ -118,6 +119,7 @@ resource "aws_iam_policy" "datadog-core" {
         "logs:DeleteSubscriptionFilter",
         "logs:DescribeSubscriptionFilters",
         "organizations:DescribeOrganization",
+        "organizations:ListRoots",
         "rds:Describe*",
         "rds:List*",
         "redshift:DescribeClusters",
@@ -129,6 +131,7 @@ resource "aws_iam_policy" "datadog-core" {
         "s3:GetBucketTagging",
         "s3:ListAllMyBuckets",
         "s3:PutBucketNotification",
+        "backup:ListBackupPlans",
         "ses:Get*",
         "sns:List*",
         "sns:Publish",
diff --git a/vars.tf b/vars.tf
@@ -51,6 +51,10 @@ variable "cspm_resource_collection_enabled" {
   description = "Whether Datadog collects cloud security posture management resources from your AWS account"
   type        = string
 }
+variable "metrics_collection_enabled" {
+  description = "Whether Datadog collects metrics for this AWS account."
+  type        = string
+}
 variable "resource_collection_enabled" {
   description = "Whether Datadog collects a standard set of resources from your AWS account."
   type        = string
