Create AWS connection via API and AWS CLI

Latest Dynatrace
How-to guide

A single Dynatrace environment allows up to 500 connections. If you need to exceed this, please contact Dynatrace support for more information.

Prerequisites

An AWS account with the proper IAM permissions and access, examine the CFN templates and least privilege IAM permissions required to deploy the CFN stacks.
A bastion EC2 with the latest AWS CLI and attached IAM role which allows you to deploy the CFN stacks.
Create settings and ingest platform tokens. The (current) easiest way to create them is to use the new connection (UI) wizard step 3 to generate and download them. There is no need to complete the connection wizard.
If this is the first time that an AWS Connection is created inside this Dynatrace environment, do one of the following options:
- Option 1: Go to Settings and select Collect and capture > Cloud and virtualization > AWS. Do this at least once, and keep it open for about 10 minutes.
- Option 2: Submit the following API call. Be sure to replace the placeholders as described in the table below. (For more info on this API call, see Hub capabilities API - POST an extension 2.0 to environment.)
  curl -X POST \
  "https://${your-environment-url}/api/v2/hub/extensions2/com.dynatrace.extension.da-aws/actions/addToEnvironment" \
  --header "Authorization: Api-Token ${your-Api-Token}" \
  --header "Accept: application/json"
  Placeholder Description
  ${your-environment-url}
  Your full Dynatrace Classic environment URL, for example, xyz12345.live.dynatrace.com.
  ${your-Api-Token}
  An access token with the needed permission scope

Placeholder	Description
`${your-environment-url}`	Your full Dynatrace Classic environment URL, for example, `xyz12345.live.dynatrace.com`.
`${your-Api-Token}`	An access token with the needed permission scope

Create monitoring configuration and AWS connection

1. Get API schema version

The monitoring configuration API schema is versioned, which allows our platform to introduce new features and improve your experience.

To construct a valid API call, run this API request to get your current active ${APISchemaVersion}:

curl -X GET \
  "https://${your-environment-url}/platform/extensions/v2/extensions?filter=name='com.dynatrace.extension.da-aws'&add-fields=activeVersion" \
  -H "Accept: application/json" \
  -H "Authorization: Bearer ${your-bearer-token}"

Placeholder	Description
`${your-environment-url}`	Your full Dynatrace environment URL (for example, `xyz12345.apps.dynatrace.com`).
`${your-bearer-token}`	Set the platform settings token you have created as part of the prerequisites.

The response should look similar to this:

{
	"items": [
		{
			"extensionName": "com.dynatrace.extension.da-aws",
			"version": "1.0.5",
			"activeVersion": "1.0.0"
		}
	],
	"totalCount": 1
}

Use the activeVersion value as the value for ${APISchemaVersion} in the next step.

2. Create monitoring configuration

Next, run this command from your bastion:

curl -X POST "https://${your-environment-url}/platform/extensions/v2/extensions/com.dynatrace.extension.da-aws/monitoring-configurations" \
  -H "accept: application/json" \
  -H "Authorization: Bearer ${your-bearer-token}" \
  -H "Content-Type: application/json; charset=utf-8" \
  -d '

	{
		"scope": "integration-aws",
		"value": {
			"enabled": true,
			"description": "${configuration-name}",
			"version": "${APISchemaVersion}",
			"featureSets": [
				"ApplicationELB_essential",
				"AutoScaling_essential",
				"CloudFront_essential",
				"DynamoDB_essential",
				"EBS_essential",
				"EC2_essential",
				"ECS_essential",
				"Firehose_essential",
				"Lambda_essential",
				"NetworkELB_essential",
				"RDS_essential",
				"Route53_essential",
				"S3_essential",
				"SQS_essential"
			],
			"aws": {
				"smartscapeConfiguration": {
					"enabled": true
				},
				"deploymentRegion": "${deployment-region}",
				"credentials": [
					{
						"enabled": false,
						"description": "${configuration-name}",
						"connectionId": "*",
						"accountId": "${aws-account-id}"
					}
				],
				"regionFiltering": [
					"${monitored-region-a}",
					"${monitored-region-b}",
					"${monitored-region-n}"
				],
				"metricsConfiguration": {
					"enabled": true,
					"regions": [
					"${monitored-region-a}",
					"${monitored-region-b}",
					"${monitored-region-n}"
					]
				},
				"cloudWatchLogsConfiguration": {
					"enabled": false,
					"regions": []
				},
				"configurationMode": "QUICK_START",
				"deploymentScope": "SINGLE_ACCOUNT",
				"deploymentMode": "MANUAL",
				"manualDeploymentStatus": "COMPLETE",
				"automatedDeploymentStatus": "NA"
			}
		}
	}'

Placeholder	Description
`${your-environment-url}`	Your full Dynatrace environment URL (for example, `xyz12345.apps.dynatrace.com`)
`${your-bearer-token}`	Set the platform settings token you have created as part of the prerequisites.
`${configuration-name}`	Name of the new monitoring configuration. Use only letters, numbers, and hyphens. It must start with a letter.
`${APISchemaVersion}`	Use the latest API schema version.
`${connectionId}`	The value fo the `objectId` captured at the initial connection creation.
`${aws-account-id}`	Numeric AWS account ID to monitor (for example, `123456789012`).
`regionFiltering/${monitored-region-a}` … `${monitored-region-n}`	AWS Regions from which you poll CloudWatch metrics and topology (monitored regions) (for example, `us-east-1`, `eu-central-1`).
`metricsConfiguration/${monitored-region-a}` … `${monitored-region-n}`	Forward-compatibility field. This region list must be identical to `regionFiltering` (for example, `us-east-1`, `eu-central-1`).
`cloudWatchLogsConfiguration.enabled`	Keep `false`; relevant if onboarding via our IaC path.
`${deployment-region}`	Deployment region for CloudFormation stack. The AWS Region that you plan to deploy the CloudFormation from. e.g. us-east-2

Successful request will respond with new monitoring configuration ID (in objectId field). Example:

[
  {
    "objectId": "e4bf05f3-d829-3689-8dd4-a9d2aeab0607",
    "code": 200
  }
]

Note that the value of objectId field should be used in the next step in the placeholder: ${new-monitoring-configuration-id}.

If the API call fails, validate that:

You have access and proper permissions to the settings API.
Your settings platform token is valid and assigned to the correct Dynatrace environment/account.

3. Deploy the CloudFormation stack

On your EC2 bastion:

wget -O da-aws-activation.yaml https://dynatrace-data-acquisition.s3.amazonaws.com/aws/deployment/cfn/latest/da-aws-activation.yaml && \
aws cloudformation deploy \
--region ${deployment-region} \
--stack-name ${configuration-name} \
--template-file da-aws-activation.yaml \
--capabilities CAPABILITY_NAMED_IAM \
--parameter-overrides pDynatraceUrl=${your-environment-url} pMonitoringConfigId=${new-monitoring-configuration-id} pDtApiToken=${settings-platform-token} pDtIngestToken=${ingest-platform-token} pDtLogsIngestEnabled=TRUE pDtLogsIngestRegions=${logs-ingest-regions}

Placeholder	Description
`${configuration-name}`	Value specified in step 2
`${deployment-region}`	Value specified in step 2
`${your-environment-url}`	Value specified in step 2
`${new-monitoring-configuration-id}`	Value from API response specified in step 2 (`objectId`)
`${settings-platform-token}`	Settings platform token (created as a prerequisite)
`${ingest-platform-token}`	Ingest platform token (created as a prerequisite)
`${logs-ingest-regions}`	Comma-separated list of regions specified in step 2 (`cloudWatchLogsConfiguration`)

After successful completion, head over to Settings.

In a few minutes, the newly created connection should be visible and in the Healthy state.