Forward logs to datadog forwarder with custom tags
If you want to forward the RunsOn logs to your datadog account, using custom tags (to match Datadog indexes), you need two things:
- Add a subscription filter to the RunsOn Cloudwatch log group
- Add tags to the Cloudwatch log group (for them to be passed to datadog)
This is how we proceeded:
resource "aws_cloudwatch_log_subscription_filter" "dd-logs" { name = "runs-on-cicd" log_group_name = aws_cloudformation_stack.runs-on.outputs.RunsOnServiceLogGroupName filter_pattern = "" destination_arn = var.datadog_forwarder_arn}
# Add Datadog tags to the AppRunner service created by CloudFormationresource "null_resource" "runs-on-apprunner-tags" { triggers = { cloudformation_outputs = sha256(jsonencode(aws_cloudformation_stack.runs-on.outputs)) }
provisioner "local-exec" { command = <<-EOT aws logs tag-log-group \ --region eu-west-1 \ --log-group-name ${aws_cloudformation_stack.runs-on.outputs.RunsOnServiceLogGroupName} \ --tags '{ "Name": "runs-on-cicd", "Environment": "${var.environment}", "Project": "my-custom-project", "Service": "runs-on-cicd" }' EOT }}Note that the sha256 allows us to trigger the tagging everytime the Cloudformation stack is updated. This is useful in case the stack overwrites the log group and removes the tag
Last updated: October 30, 2025