Create AWS connection via API and AWS CLI

Latest Dynatrace
How-to guide

A single Dynatrace environment allows up to 500 connections. If you need to exceed this, please contact Dynatrace support for more information.

Prerequisites

An AWS account with the proper IAM permissions and access, examine the CFN templates and least privilege IAM permissions required to deploy the CFN stacks.
An EC2 with the latest AWS CLI and attached IAM role which allows you to deploy the CFN stacks.
Create settings and ingest platform tokens. The (current) easiest way to create them is to use the new connection (UI) wizard step 3 to generate and download them. There is no need to complete the connection wizard.
If this is the first time that an AWS connection is created inside this Dynatrace environment, do one of the following options:
- Option 1: Go to Settings and select Collect and capture > Cloud and virtualization > AWS.
  
  Do this at least once, and keep it open for about 10 minutes.
- Option 2: Submit the following API call. Be sure to replace the placeholders as described below.
  
  For more info on this API call, see Hub capabilities API - POST an extension 2.0 to environment.
  curl -X POST \
  "https://${your-environment-url}/api/v2/hub/extensions2/com.dynatrace.extension.da-aws/actions/addToEnvironment" \
  --header "Authorization: Api-Token ${your-Api-Token}" \
  --header "Accept: application/json"
  Replace the following placeholders with your values and run the API request:
  - ${your-environment-url}: Your full Dynatrace Classic environment URL, for example, xyz12345.live.dynatrace.com.
  - ${your-Api-Token}: An access token with the needed permission scope.

Create monitoring configuration and AWS connection

1. Get API schema version

The monitoring configuration API schema is versioned, which allows our platform to introduce new features and improve your experience.

To construct a valid API call, prepare this API request to get your current active ${APISchemaVersion}:

curl -X GET \
"https://${your-environment-url}/platform/extensions/v2/extensions?filter=name='com.dynatrace.extension.da-aws'&add-fields=activeVersion" \
-H "Accept: application/json" \
-H "Authorization: Bearer ${your-bearer-token}"

Replace the following placeholders with your values and run the API request:
- ${your-environment-url}: Your full Dynatrace environment URL (for example, xyz12345.apps.dynatrace.com).
- ${your-bearer-token}: Set the platform settings token you have created as part of the prerequisites.

The response should look similar to this:

{
	"items": [
		{
			"extensionName": "com.dynatrace.extension.da-aws",
			"version": "1.0.5",
			"activeVersion": "1.0.0"
		}
	],
	"totalCount": 1
}

Use the activeVersion value as the value for ${APISchemaVersion} in the next step.

2. Create monitoring configuration

Prepare this command:

curl -X POST "https://${your-environment-url}/platform/extensions/v2/extensions/com.dynatrace.extension.da-aws/monitoring-configurations" \
-H "accept: application/json" \
-H "Authorization: Bearer ${your-bearer-token}" \
-H "Content-Type: application/json; charset=utf-8" \
-d '

	{
		"scope": "integration-aws",
		"value": {
			"enabled": true,
			"description": "${configuration-name}",
			"version": "${APISchemaVersion}",
			"featureSets": [
				"ApplicationELB_essential",
				"AutoScaling_essential",
				"CloudFront_essential",
				"DynamoDB_essential",
				"EBS_essential",
				"EC2_essential",
				"ECS_essential",
				"Firehose_essential",
				"Lambda_essential",
				"NetworkELB_essential",
				"RDS_essential",
				"Route53_essential",
				"S3_essential",
				"SQS_essential"
			],
			"aws": {
				"deploymentRegion": "${deployment-region}",
				"credentials": [
					{
						"enabled": false,
						"description": "${configuration-name}",
						"connectionId": "*",
						"accountId": "${aws-account-id}"
					}
				],
				"regionFiltering": [
					"${monitored-region-a}",
					"${monitored-region-b}",
					"${monitored-region-n}"
				],
				"metricsConfiguration": {
					"enabled": true,
					"regions": [
					"${monitored-region-a}",
					"${monitored-region-b}",
					"${monitored-region-n}"
					]
				},
				"cloudWatchLogsConfiguration": {
					"enabled": false,
					"regions": []
				},
				"configurationMode": "QUICK_START",
				"deploymentScope": "SINGLE_ACCOUNT",
				"deploymentMode": "MANUAL",
				"manualDeploymentStatus": "COMPLETE",
				"automatedDeploymentStatus": "NA"
			}
		}
	}'

Replace the following placeholders with your values and run the command:
- ${your-environment-url}: Your full Dynatrace environment URL (for example, xyz12345.apps.dynatrace.com).
- ${your-bearer-token}: Set the platform settings token you have created as part of the prerequisites.
- ${configuration-name}: Name of the new monitoring configuration. Use only letters, numbers, and hyphens. It must start with a letter.
- ${APISchemaVersion}: Use the latest API schema version.
- ${connectionId}: The value of the objectId captured at the initial connection creation.
- ${aws-account-id}: Numeric AWS account ID to monitor (for example, 123456789012).
- regionFiltering/${monitored-region-a} … ${monitored-region-n}: AWS Regions from which you poll CloudWatch metrics and topology (monitored regions) (for example, us-east-1, eu-central-1).
- metricsConfiguration/${monitored-region-a} … ${monitored-region-n}: Forward-compatibility field. This region list must be identical to regionFiltering (for example, us-east-1, eu-central-1).
- cloudWatchLogsConfiguration.enabled: Keep false; relevant if onboarding via our IaC path.
- ${deployment-region}: Deployment region for CloudFormation stack. The AWS region that you plan to deploy the CloudFormation from. For example, us-east-2.
Successful request will respond with a new monitoring configuration ID (in objectId field). Example:
```
[
{
	"objectId": "e4bf05f3-d829-3689-8dd4-a9d2aeab0607",
	"code": 200
}
]
```
Note that the value of objectId field should be used in the next step in: ${new-monitoring-configuration-id}.

If the API call fails, validate that:

You have access and proper permissions to the settings API.
Your settings platform token is valid and assigned to the correct Dynatrace environment/account.

3. Deploy the CloudFormation stack

Prepare the command:

wget -O da-aws-activation.yaml https://dynatrace-data-acquisition.s3.amazonaws.com/aws/deployment/cfn/latest/da-aws-activation.yaml && \
aws cloudformation deploy \
--region ${deployment-region} \
--stack-name ${configuration-name} \
--template-file da-aws-activation.yaml \
--capabilities CAPABILITY_NAMED_IAM \
--parameter-overrides pDynatraceUrl=${your-environment-url} pMonitoringConfigId=${new-monitoring-configuration-id} pDtApiToken=${settings-platform-token} pDtIngestToken=${ingest-platform-token} pDtLogsIngestEnabled=TRUE pDtLogsIngestRegions=${logs-ingest-regions}

Replace the following placeholders with your values and run the command:
- ${configuration-name}: Value specified in Create monitoring configuration step.
- ${deployment-region}: Value specified in Create monitoring configuration step.
- ${your-environment-url}: Value specified in Create monitoring configuration step.
- ${new-monitoring-configuration-id}: Value from API response specified in Create monitoring configuration step (objectId).
- ${settings-platform-token}: Settings platform token (created as a prerequisite).
- ${ingest-platform-token}: Ingest platform token (created as a prerequisite).
- ${logs-ingest-regions}: Comma-separated list of regions specified in Create monitoring configuration step (cloudWatchLogsConfiguration).
After successful completion, head over to Settings.

In a few minutes, the newly created connection should be visible as Healthy.