Language

English Français 日本語 한국어 Español

Datadog Site

Site help
US1 US3 US5 EU AP1 AP2 US1-FED US2-FED

Storage Management

Enable Storage Management for S3 buckets, GCS buckets, and Azure containers. Each configuration registers the destination that holds inventory reports for the storage being monitored.

Enable Storage Management for a bucket

PUT https://api.ap1.datadoghq.com/api/v2/cloudinventoryservice/syncconfigshttps://api.ap2.datadoghq.com/api/v2/cloudinventoryservice/syncconfigshttps://api.datadoghq.eu/api/v2/cloudinventoryservice/syncconfigshttps://api.ddog-gov.com/api/v2/cloudinventoryservice/syncconfigshttps://api.us2.ddog-gov.com/api/v2/cloudinventoryservice/syncconfigshttps://api.datadoghq.com/api/v2/cloudinventoryservice/syncconfigshttps://api.us3.datadoghq.com/api/v2/cloudinventoryservice/syncconfigshttps://api.us5.datadoghq.com/api/v2/cloudinventoryservice/syncconfigs

Overview

Enable Storage Management for an S3 bucket, GCS bucket, or Azure container by registering the destination that holds its inventory reports. Set data.id to the cloud provider (aws, gcp, or azure) and provide the matching settings under data.attributes. Calling this endpoint with the same provider replaces the existing configuration. This endpoint requires the aws_configurations_manage permission.

Request

Body Data (required)

Expand All

Field

Type

Description

data [required]

object

Storage Management configuration data for the create or update request.

attributes [required]

object

Settings for the cloud provider specified in data.id. Include only the matching provider object (aws, gcp, or azure).

aws

object

AWS settings for the S3 bucket Storage Management reads inventory reports from.

aws_account_id [required]

string

AWS account ID that owns the inventory bucket.

destination_bucket_name [required]

string

Name of the S3 bucket containing inventory files.

destination_bucket_region [required]

string

AWS Region of the inventory bucket.

destination_prefix

string

Object key prefix where inventory reports are written. Omit or set to / when reports are written at the bucket root.

azure

object

Azure settings for the storage account and container with inventory data.

client_id [required]

string

Azure AD application (client) ID used for access.

container [required]

string

Blob container name.

resource_group [required]

string

Resource group containing the storage account.

storage_account [required]

string

Storage account name.

subscription_id [required]

string

Azure subscription ID.

tenant_id [required]

string

Azure AD tenant ID.

gcp

object

GCP settings for buckets involved in inventory reporting.

destination_bucket_name [required]

string

GCS bucket name where Datadog reads inventory reports.

project_id [required]

string

GCP project ID for the inventory destination bucket.

service_account_email [required]

string

Service account email used to read the destination bucket.

source_bucket_name [required]

string

GCS bucket name that inventory reports are generated for.

id [required]

enum

Cloud provider for this sync configuration (aws, gcp, or azure). For requests, must match the provider block supplied under attributes. Allowed enum values: aws,gcp,azure

type [required]

enum

Always cloud_provider. Allowed enum values: cloud_provider

{
  "data": {
    "attributes": {
      "aws": {
        "aws_account_id": "123456789012",
        "destination_bucket_name": "my-inventory-bucket",
        "destination_bucket_region": "us-east-1",
        "destination_prefix": "logs/"
      },
      "azure": {
        "client_id": "11111111-1111-1111-1111-111111111111",
        "container": "inventory-container",
        "resource_group": "my-resource-group",
        "storage_account": "mystorageaccount",
        "subscription_id": "33333333-3333-3333-3333-333333333333",
        "tenant_id": "22222222-2222-2222-2222-222222222222"
      },
      "gcp": {
        "destination_bucket_name": "my-inventory-reports",
        "project_id": "my-gcp-project",
        "service_account_email": "reader@my-gcp-project.iam.gserviceaccount.com",
        "source_bucket_name": "my-monitored-bucket"
      }
    },
    "id": "aws",
    "type": "cloud_provider"
  }
}

Response

OK

Storage Management configuration returned after a create or update. Additional read-only fields appear on list and get responses.

Expand All

Field

Type

Description

data [required]

object

Storage Management configuration data.

attributes [required]

object

Attributes for a Storage Management configuration. Fields other than id may be empty in the response immediately after a create or update; subsequent reads return the full configuration.

aws_account_id [required]

string

AWS account ID for the inventory bucket.

aws_bucket_name [required]

string

AWS S3 bucket name for inventory files.

aws_region [required]

string

AWS Region for the inventory bucket.

azure_client_id [required]

string

Azure AD application (client) ID.

azure_container_name [required]

string

Azure blob container name.

azure_storage_account_name [required]

string

Azure storage account name.

azure_tenant_id [required]

string

Azure AD tenant ID.

cloud_provider [required]

enum

Cloud provider for this sync configuration (aws, gcp, or azure). For requests, must match the provider block supplied under attributes. Allowed enum values: aws,gcp,azure

error [required]

string

Human-readable error detail when sync is unhealthy.

error_code [required]

string

Machine-readable error code when sync is unhealthy.

gcp_bucket_name [required]

string

GCS bucket name for inventory files Datadog reads.

gcp_project_id [required]

string

GCP project ID.

gcp_service_account_email [required]

string

Service account email for bucket access.

prefix [required]

string

Object key prefix where inventory reports are written. Returns / when reports are written at the bucket root.

id [required]

string

Unique identifier for this Storage Management configuration.

type [required]

enum

Always sync_configs. Allowed enum values: sync_configs

{
  "data": {
    "attributes": {
      "aws_account_id": "123456789012",
      "aws_bucket_name": "my-inventory-bucket",
      "aws_region": "us-east-1",
      "azure_client_id": "11111111-1111-1111-1111-111111111111",
      "azure_container_name": "inventory-container",
      "azure_storage_account_name": "mystorageaccount",
      "azure_tenant_id": "22222222-2222-2222-2222-222222222222",
      "cloud_provider": "aws",
      "error": "",
      "error_code": "",
      "gcp_bucket_name": "my-inventory-reports",
      "gcp_project_id": "my-gcp-project",
      "gcp_service_account_email": "reader@my-gcp-project.iam.gserviceaccount.com",
      "prefix": "logs/"
    },
    "id": "abc123",
    "type": "sync_configs"
  }
}

Bad Request

API error response.

Expand All

Field

Type

Description

errors [required]

[object]

A list of errors.

detail

string

A human-readable explanation specific to this occurrence of the error.

meta

object

Non-standard meta-information about the error

source

object

References to the source of the error.

header

string

A string indicating the name of a single request header which caused the error.

parameter

string

A string indicating which URI query parameter caused the error.

pointer

string

A JSON pointer to the value in the request document that caused the error.

status

string

Status code of the response.

title

string

Short human-readable summary of the error.

{
  "errors": [
    {
      "detail": "Missing required attribute in body",
      "meta": {},
      "source": {
        "header": "Authorization",
        "parameter": "limit",
        "pointer": "/data/attributes/title"
      },
      "status": "400",
      "title": "Bad Request"
    }
  ]
}

Forbidden

API error response.

Expand All

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Expand All

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Code Example

                  ## AWS inventory bucket
# 

# Curl command
curl -X PUT "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.us2.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/cloudinventoryservice/syncconfigs" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "data": {
    "attributes": {
      "aws": {
        "aws_account_id": "123456789012",
        "destination_bucket_name": "my-inventory-bucket",
        "destination_bucket_region": "us-east-1",
        "destination_prefix": "logs/"
      }
    },
    "id": "aws",
    "type": "cloud_provider"
  }
}
EOF