Create AWS connection via API and AWS CLI
- Latest Dynatrace
- How-to guide
A single Dynatrace environment allows up to 500 connections. If you require to exceed this, please contact Dynatrace support for more information.
Prerequisites
- An AWS account with the proper IAM permissions and access, examine the CFN templates and least privilege IAM permissions required to deploy the CFN stacks.
- A bastion EC2 with the latest AWS CLI and attached IAM role which allows you to deploy the CFN stacks.
- Create settings and ingest platform tokens. The (current) easiest way to create them is to use the new connection (UI) wizard step 3 to generate and download them. There is no need to complete the connection wizard.
Create monitoring configuration and AWS connection
1. Get API schema version
The monitoring configuration API schema is versioned, which allows our platform to introduce new features and improve your experience.
To construct a valid API call, run this API request to get your current active ${APISchemaVersion}:
curl -X GET \"https://${your-environment-url}/platform/extensions/v2/extensions?filter=name='com.dynatrace.extension.da-aws'&add-fields=activeVersion" \-H "Accept: application/json" \-H "Authorization: Bearer ${your-bearer-token}"
| Placeholder | Description |
|---|---|
| Your full Dynatrace environment URL (for example, |
| Set the platform settings token you have created as part of the prerequisites. |
The response should look similar to this:
{"items": [{"extensionName": "com.dynatrace.extension.da-aws","version": "1.0.5","activeVersion": "1.0.0"}],"totalCount": 1}
Use the activeVersion value as the value for ${APISchemaVersion} in the next step.
2. Create monitoring configuration
Next, run this command from your bastion:
curl -X POST "https://${your-environment-url}/platform/extensions/v2/extensions/com.dynatrace.extension.da-aws/monitoring-configurations" \-H "accept: application/json" \-H "Authorization: Bearer ${your-bearer-token}" \-H "Content-Type: application/json; charset=utf-8" \-d '{"scope": "integration-aws","value": {"enabled": true,"description": "${configuration-name}","version": "${APISchemaVersion}","featureSets": ["ApplicationELB_essential","AutoScaling_essential","CloudFront_essential","DynamoDB_essential","EBS_essential","EC2_essential","ECS_essential","Firehose_essential","Lambda_essential","NetworkELB_essential","RDS_essential","Route53_essential","S3_essential","SQS_essential"],"aws": {"smartscapeConfiguration": {"enabled": true},"deploymentRegion": "${deployment-region}","credentials": [{"enabled": false,"description": "${configuration-name}","connectionId": "*","accountId": "${aws-account-id}"}],"regionFiltering": ["${monitored-region-a}","${monitored-region-b}","${monitored-region-n}"],"metricsConfiguration": {"enabled": true,"regions": ["${monitored-region-a}","${monitored-region-b}","${monitored-region-n}"]},"cloudWatchLogsConfiguration": {"enabled": false,"regions": []},"configurationMode": "QUICK_START","deploymentScope": "SINGLE_ACCOUNT","deploymentMode": "MANUAL","manualDeploymentStatus": "COMPLETE","automatedDeploymentStatus": "NA"}}}'
| Placeholder | Description |
|---|---|
| Your full Dynatrace environment URL (for example, |
| Set the platform settings token you have created as part of the prerequisites. |
| Name of the new monitoring configuration. Use only letters, numbers, and hyphens. It must start with a letter. |
| Use the latest API schema version. |
| The value fo the |
| Numeric AWS account ID to monitor (for example, |
| AWS Regions from which you poll CloudWatch metrics and topology (monitored regions) (for example, |
| Forward-compatibility field. This region list must be identical to |
| Keep |
| Deployment region for CloudFormation stack. The AWS Region that you plan to deploy the CloudFormation from. e.g. us-east-2 |
Successful request will respond with new monitoring configuration ID (in objectId field). Example:
[{"objectId": "e4bf05f3-d829-3689-8dd4-a9d2aeab0607","code": 200}]
Note that the value of objectId field should be used in the next step in the placeholder: ${new-monitoring-configuration-id}.
If the API call fails, validate that:
- You have access and proper permissions to the settings API.
- Your settings platform token is valid and assigned to the correct Dynatrace environment/account.
3. Deploy the CloudFormation stack
On your EC2 bastion:
wget -O da-aws-activation.yaml https://dynatrace-data-acquisition.s3.amazonaws.com/aws/deployment/cfn/latest/da-aws-activation.yaml && \aws cloudformation deploy \--region ${deployment-region} \--stack-name ${configuration-name} \--template-file da-aws-activation.yaml \--capabilities CAPABILITY_NAMED_IAM \--parameter-overrides pDynatraceUrl=${your-environment-url} pMonitoringConfigId=${new-monitoring-configuration-id} pDtApiToken=${settings-platform-token} pDtIngestToken=${ingest-platform-token} pDtLogsIngestEnabled=TRUE pDtLogsIngestRegions=${logs-ingest-regions}
| Placeholder | Description |
|---|---|
| Value specified in step 2 |
| Value specified in step 2 |
| Value specified in step 2 |
| Value from API response specified in step 2 ( |
| Settings platform token (created as a prerequisite) |
| Ingest platform token (created as a prerequisite) |
| Comma-separated list of regions specified in step 2 ( |
After successful completion, head over to 
Settings.
In a few minutes, the newly created connection should be visible and in the Healthy state.