Dynatrace ingests metrics for multiple preselected namespaces, including Amazon CloudWatch Logs. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.
To enable monitoring for this service, you need
For role-based access in a SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.
Dynatrace version 1.201+
An updated AWS monitoring policy to include the additional AWS services.
To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.
{"Version": "2012-10-17","Statement": [{"Sid": "VisualEditor0","Effect": "Allow","Action": ["acm-pca:ListCertificateAuthorities","apigateway:GET","apprunner:ListServices","appstream:DescribeFleets","appsync:ListGraphqlApis","athena:ListWorkGroups","autoscaling:DescribeAutoScalingGroups","cloudformation:ListStackResources","cloudfront:ListDistributions","cloudhsm:DescribeClusters","cloudsearch:DescribeDomains","cloudwatch:GetMetricData","cloudwatch:GetMetricStatistics","cloudwatch:ListMetrics","codebuild:ListProjects","datasync:ListTasks","dax:DescribeClusters","directconnect:DescribeConnections","dms:DescribeReplicationInstances","dynamodb:ListTables","dynamodb:ListTagsOfResource","ec2:DescribeAvailabilityZones","ec2:DescribeInstances","ec2:DescribeNatGateways","ec2:DescribeSpotFleetRequests","ec2:DescribeTransitGateways","ec2:DescribeVolumes","ec2:DescribeVpnConnections","ecs:ListClusters","eks:ListClusters","elasticache:DescribeCacheClusters","elasticbeanstalk:DescribeEnvironmentResources","elasticbeanstalk:DescribeEnvironments","elasticfilesystem:DescribeFileSystems","elasticloadbalancing:DescribeInstanceHealth","elasticloadbalancing:DescribeListeners","elasticloadbalancing:DescribeLoadBalancers","elasticloadbalancing:DescribeRules","elasticloadbalancing:DescribeTags","elasticloadbalancing:DescribeTargetHealth","elasticmapreduce:ListClusters","elastictranscoder:ListPipelines","es:ListDomainNames","events:ListEventBuses","firehose:ListDeliveryStreams","fsx:DescribeFileSystems","gamelift:ListFleets","glue:GetJobs","inspector:ListAssessmentTemplates","kafka:ListClusters","kinesis:ListStreams","kinesisanalytics:ListApplications","kinesisvideo:ListStreams","lambda:ListFunctions","lambda:ListTags","lex:GetBots","logs:DescribeLogGroups","mediaconnect:ListFlows","mediaconvert:DescribeEndpoints","mediapackage-vod:ListPackagingConfigurations","mediapackage:ListChannels","mediatailor:ListPlaybackConfigurations","opsworks:DescribeStacks","qldb:ListLedgers","rds:DescribeDBClusters","rds:DescribeDBInstances","rds:DescribeEvents","rds:ListTagsForResource","redshift:DescribeClusters","robomaker:ListSimulationJobs","route53:ListHostedZones","route53resolver:ListResolverEndpoints","s3:ListAllMyBuckets","sagemaker:ListEndpoints","sns:ListTopics","sqs:ListQueues","storagegateway:ListGateways","sts:GetCallerIdentity","swf:ListDomains","tag:GetResources","tag:GetTagKeys","transfer:ListServers","workmail:ListOrganizations","workspaces:DescribeWorkspaces"],"Resource": "*"}]}
If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.
"cloudwatch:GetMetricData"
"cloudwatch:GetMetricStatistics"
"cloudwatch:ListMetrics"
"sts:GetCallerIdentity"
"tag:GetResources"
"tag:GetTagKeys"
"ec2:DescribeAvailabilityZones"
cloudwatch:GetMetricData
,cloudwatch:GetMetricStatistics
,cloudwatch:ListMetrics
,sts:GetCallerIdentity
,tag:GetResources
,tag:GetTagKeys
,ec2:DescribeAvailabilityZones
acm-pca:ListCertificateAuthorities
apigateway:GET
apprunner:ListServices
appstream:DescribeFleets
Example of JSON policy for one single service.
{"Version": "2012-10-17","Statement": [{"Sid": "VisualEditor0","Effect": "Allow","Action": ["apigateway:GET","cloudwatch:GetMetricData","cloudwatch:GetMetricStatistics","cloudwatch:ListMetrics","sts:GetCallerIdentity","tag:GetResources","tag:GetTagKeys","ec2:DescribeAvailabilityZones"],"Resource": "*"}]}
In this example, from the complete list of permissions you need to select
"apigateway:GET"
for Amazon API Gateway"cloudwatch:GetMetricData"
, "cloudwatch:GetMetricStatistics"
, "cloudwatch:ListMetrics"
, "sts:GetCallerIdentity"
, "tag:GetResources"
, "tag:GetTagKeys"
, and "ec2:DescribeAvailabilityZones"
for All AWS cloud services.autoscaling.<REGION>.amazonaws.com
lambda.<REGION>.amazonaws.com
elasticloadbalancing.<REGION>.amazonaws.com
dynamodb.<REGION>.amazonaws.com
ec2.<REGION>.amazonaws.com
rds.<REGION>.amazonaws.com
To learn how to enable service monitoring, see Enable service monitoring.
You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.
To access the custom device overview page
After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.
For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.
You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (…) and select Clone.
To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (…) and select Hide.
Hiding a dashboard doesn't affect other users.
To check the availability of preset dashboards for each AWS service, see the list below.
LogGroupName
is the main dimension.
LogGroupName
dimension, this is the volume of log events in uncompressed bytes uploaded to the log group.