Unable to migrate from `datadog.aws.Integration` to `datadog.aws.IntegrationAccount`

[JonKusz]

Describe what happened

When attempting to migrate an existing Datadog AWS integration from the deprecated datadog.aws.Integration to the new datadog.aws.IntegrationAccount resource via an import operation, I am running into the following (some IDs and names redacted).

pulumi import datadog:aws/integrationAccount:IntegrationAccount datadog-aws-integration-account 00000000-0000-0000-0000-000000000000

     Type                               Name                             Plan       Info
     pulumi:pulumi:Stack                redacted                       1 error
 =   └─ datadog:aws:IntegrationAccount  datadog-aws-integration-account  import     1 error

Diagnostics:
  datadog:aws:IntegrationAccount (datadog-aws-integration-account):
    error: Preview failed: Missing Attribute Configuration: Exactly one of these attributes must be configured: [logs_config.lambda_forwarder]

Which is unexpected, because my resource definition is as follows.

export const datadogAwsIntegrationAccount = new datadog.aws.IntegrationAccount(
  'datadog-aws-integration-account',
  {
    awsAccountId: '000000000000',
    awsPartition: 'aws',

    authConfig: {
      awsAuthConfigRole: {
        roleName: 'redacted',
      },
    },

    awsRegions: {
      includeOnlies: ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2'],
    },

    logsConfig: {
      lambdaForwarder: {},
    },

    metricsConfig: {
      namespaceFilters: {},
      tagFilters: [
        {
          namespace: 'AWS/EC2',
          tags: ['redacted'],
        },
      ],
    },

    resourcesConfig: {
      cloudSecurityPostureManagementCollection: false,
      extendedCollection: false,
    },

    tracesConfig: {
      xrayServices: {},
    },
  }
);

I have an appropriately defined logsConfig property as outlined in the resource's documentation here. Im not sure if this is a misconfiguration on my side, or an actual bug, so figured Id report it.

Sample program

See issue description.

Log output

No response

Affected Resource(s)

No response

Output of pulumi about

CLI          
Version      3.157.0
Go Version   go1.24.1
Go Compiler  gc

Plugins
KIND      NAME     VERSION
resource  aws      6.24.0
resource  awsx     2.5.0
resource  datadog  4.46.0
resource  docker   4.5.1
resource  docker   3.6.1
language  nodejs   3.157.0

Host     
OS       darwin
Version  15.3.2
Arch     arm64

This project is written in nodejs: executable='/Users/<redacted>/.nvm/versions/node/v20.18.1/bin/node' version='v20.18.1'

Current Stack: <redacted>

<redacted>

Found no pending operations associated with <redacted>

Backend        
Name           pulumi.com
URL            <redacted>
User           <redacted>
Organizations  <redacted>
Token type     <redacted>

Dependencies:
NAME             VERSION
@pulumi/aws      6.24.0
@pulumi/awsx     2.5.0
@pulumi/datadog  4.46.0
@pulumi/pulumi   3.157.0
@types/node      18.19.21

Additional context

No response

Contributing

Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).

[t0yv0]

Thank you for reporting this, it seems unexpected. It looks like the schema for logsConfig.lambdaForwarder is defined here:

https://github.com/DataDog/terraform-provider-datadog/blob/68ac411965bf6eac4d16aaaeacb432c3d5ac64e3/datadog/fwprovider/resource_datadog_integration_aws_account.go#L283

The docs say "The lambda_fowarder block is required within, but may be empty to use defaults." and the generated code seems to do that correctly:

  logsConfig: {
      lambdaForwarder: {},
    },

In TF that certainly seems acceptable:

resource "datadog_integration_aws_account" "foo-defaults" {
   ...
  logs_config {
    lambda_forwarder {}
  }

I am wondering here to clarify, you are getting error: Preview failed: Missing Attribute Configuration: from pulumi import command? And the code you list is your old definition, or is that code coming from what the import command printed to recommend placing in your sources?

[JonKusz]

@t0yv0

are getting error: Preview failed: Missing Attribute Configuration: from pulumi import command?

Yeah this is the error I get from running pulumi import, as outlined in the original description.

And the code you list is your old definition, or is that code coming from what the import command printed to recommend placing in your sources?

That is a new definition Im expecting to use. Looking at this again today, this same error is thrown whether I have a matching resource defined for the datadog-aws-integration-account resource name at the time of import or not. Since the import fails, the import command never prints out any expected config to add to my resource definitions either.

[guineveresaenger]

@JonKusz thank you for reporting back!

It sounds like you're not able to run import for this resource at all, whether you have existing configuration waiting for your resource or not.

It additionally sounds like part of the issue is that you're trying to import a former Integration to an IntegrationAccount. It sounds like it is perhaps not possible to do this 1:1 at this point, but we'll take a look. My thought is that this should work and that it's perhaps an upstream provider bug.

The other thought I had, would it be possible for you to try filling in the logsConfig fields? they're described here.

[JonKusz]

@guineveresaenger

The other thought I had, would it be possible for you to try filling in the logsConfig fields? they're described here.

I gave this a try and unfortunately saw the same error. The config I attempted to set was;

    logsConfig: {
      lambdaForwarder: {
        lambdas: ['arn:aws:lambda:redacted:redacted:function:redacted'],
        sources: [],
      },
    },

[guineveresaenger]

Thank you for trying. We'll be taking a look as soon as we can.