Did you make that key public at any time? Its fairly easy to leak keys on github that get picked up by automated bots. AWS is very good about covering charges from account 'hacks'
I wouldn't jump to conclusions on Datadog unless you can verify they only had access to the key.
(Just went through a key leak with AWS)
Ilan with Datadog here.
On Friday, September 30th a number of Datadog-AWS shared customers received an erroneous email notification from AWS about compromised AWS access keys associated with Datadog. AWS intended to reach out to shared customers that had been lax in deactivating and deleting access keys associated with the 7/8/2016 Datadog breach (https://www.datadoghq.com/blog/2016-07-08-security-notice/). AWS accidentally sent out a standard compromise notification to the original list of shared customers. False positives abound! You can validate this error by contacting your AWS support contact.
As recommended in our original communication, if you have not you should deactivate and delete any service integration credential shared with Datadog on or prior to 7/8/2016 immediately and for AWS transition to Role Delegation as outlined here: https://help.datadoghq.com/hc/en-us/articles/210376966-Revok...
The AWS communication was made in error. If you received the initial message you should have also received a retraction. Customers that have been lax in deactivating and deleting these access keys will receive additional communication directly from AWS.