AWS topology

Latest Dynatrace
Explanation
Published Oct 16, 2025
Preview

Overview

Dynatrace AWS Cloud Platform Monitoring periodically scans your AWS account topology and stores it in Smartscape on Grail. Each AWS resource on your AWS account is represented as an entity in Dynatrace (in the form of a Smartscape Node) containing the resource configuration, its tags, and its relationships to other resources (in the form of Smartscape Edges).

When telemetry for resources in your AWS account is ingested in Dynatrace (Amazon CloudWatch Metrics, CloudWatch Logs, Amazon EventBridge events), it's linked to the Smartscape node representing the resource producing it, setting telemetry in context.

This provides you a complete view of your resources with their configuration and telemetry in Clouds as well as the ability to perform advanced queries on your topology across all monitored AWS accounts via Dynatrace Query Language (DQL). Topology also powers AWS tag enrichment for your ingested telemetry.

Use cases

AWS topology on Smartscape on Grail enables multiple powerful use cases, like:

Access the inventory of your resources across all your monitored AWS accounts, including its configuration, together with their telemetry in the Clouds.
Use DQL to query telemetry using topology context (for example, show CPUUtilization for all EC2 instances registered with a specific Elastic Load Balancer or show VolumeReadOps and VolumeWriteOps for all the Amazon EBS volumes attached to a given EC2 instance). This helps with simplified observability with topology context as the context data (like load balancer or attached EC2 instance(s)) is not available as CloudWatch metric dimensions.
Use DQL to query the configuration state of your resources across monitored AWS accounts, (for example, list all Amazon EBS Volumes that are not encrypted, pull up a report of EC2 instances per instance type, list internet-facing load balancers…).

Key concepts

Entities (Smartscape nodes)

Dynatrace scans your AWS accounts' topology by calling service-specific List* and Describe* API calls (such as: ec2:DescribeInstances), as well as the AWS Resource Group Tagging API to gather tag information of your resources.

Resources are then persisted as entities in Smartscape on Grail. Dynatrace supports two different AWS entity types:

Full
Lightweight

In addition to the Smartscape on Grail common attributes, all AWS entities have the following attributes:

aws.account.id
aws.region
aws.resource.id
aws.resource.name
aws.arn
aws.resource.type
tags

Smartscape node types for AWS follow the CloudFormation resource type notation, making all letters uppercase and substituting :: with _. For example, a CloudFormation resource type AWS::EC2::Instance would be persisted in Smartscape as node type AWS_EC2_INSTANCE. Smartscape nodes can be fetched via DQL in Notebooks Notebooks with the smartscapeNodes command like the one below:

smartscapeNodes "AWS_EC2_INSTANCE"

Full entities

Full entities are produced from information from List* and Describe* AWS Service APIs and contain the resource configuration in the aws.object attribute.

The aws.object attribute is a JSON structure with the following format:

{
  "configuration": "<output_of_resource_describe_api>",
  "supplementary_configuration": "<output_of_additional_api_calls_describing_resource_configuration>"
}

See Supported AWS services and resource types for the list of the AWS resource types that are considered full.

Lightweight entities

Lightweight entities are produced from information retrieved for the AWS Resource Group Tagging API.

They contain a given resource Amazon Resource Name (ARN) and its tags. They don't contain resource configuration (aws.object).

See Supported AWS services and resource types for the list of the AWS resource types that are considered lightweight.

Relationships (Smartscape edges)

While scanning AWS topology, Dynatrace also discovers relationships between resources and persists them in Smartscape on Grail as static edges.

For more information, see Smartscape on Grail.

Topology data freshness

Dynatrace scans topology data on your AWS accounts every hour. In addition, Dynatrace refreshes tag information and listens for resource changes (using the CloudTrail API) every 15 minutes.

You can see the timestamp when a given Smartscape node was updated looking at the lifetime.end attribute.

When querying topology, make sure you select at least the last hour on the query timeframe to list all active resources.

Dynatrace scans the topology of the AWS regions that have been selected for monitoring.

Because of the above, the us-east-1 region must be selected for monitoring in order to scan the topology of global AWS services (such as Amazon CloudFront, Amazon IAM, and so on).

Access AWS topology data in Dynatrace

You can access topology data via Clouds to visualize entities and their telemetry or via Notebooks to perform advanced DQL queries.

Query topology data via DQL

By using DQL in Notebooks, you can perform advanced topology queries across all your monitored AWS accounts. To help you get started, you can find some useful query examples below.

List the count of entities by type

The following query gives you an overview of your AWS entities discovered by Dynatrace, broken down by AWS account id and region, sorted by number of entities.

smartscapeNodes "AWS*"
| summarize count=count(), by:{aws.account.id, aws.region, type}
| sort count desc

Query all Amazon EC2 instances on a given VPC with a specific tag

The following query fetches smartscape nodes of type AWS_EC2_INSTANCE that have the tag owner_team with value team-acme and run on VPC with id vpc-abcde12345.

smartscapeNodes "AWS_EC2_INSTANCE"
| filter tags[owner_team]=="team-acme" and aws.vpc.id =="vpc-abcde12345"

Query all Amazon EC2 instances including a subset of their configuration attributes

The following query fetches Smartscape nodes of type AWS_EC2_INSTANCE, including the attributes instanceType, coreCount, threadsPerCode, imageId, publicIp, and privateIp.

smartscapeNodes "AWS_EC2_INSTANCE"
| parse aws.object, "JSON:awsjson"
| fieldsAdd instanceType=awsjson[configuration][instanceType],
            cpuOptions.coreCount=awsjson[configuration][cpuOptions][coreCount],
            cpuOptions.threadsPerCore=awsjson[configuration][cpuOptions][threadsPerCore],
            imageId=awsjson[configuration][imageId],
            publicIp=awsjson[configuration][networkInterfaces][0][association][publicIp],
            privateIp=awsjson[configuration][privateIpAddress]
| fieldsRemove  aws.object, awsjson

Query the discovered relationship (edge) types by source resource type and target resource type

Fetches the count of relationship types by source resource type and target resource types discovered for your monitored AWS accounts.

smartscapeEdges "*"
| summarize count=count(), by: {edgeType=type, sourceType=source_type, targetType=target_type}

Query all the Amazon EC2 instances that are registered with a target group of a given Load Balancer

Fetches all the EC2 instances behind all target groups behind an Elastic Load Balancer by traversing Smartscape edges.

smartscapeNodes "AWS_ELASTICLOADBALANCINGV2_LOADBALANCER"
| parse aws.object, "JSON:aws.object"
| fieldsAdd dnsName = aws.object[configuration][dnsName], loadBalancerName = aws.object[configuration][loadBalancerName], scheme = aws.object[configuration][scheme]
| filter scheme == "internet-facing"
| traverse "balanced_by", "AWS_ELASTICLOADBALANCINGV2_TARGETGROUP", direction:"backward", fieldsKeep:{dnsName, loadBalancerName, id}
| fieldsAdd targetGroupName = "aws.resource.name"
| traverse "balances", "AWS_EC2_INSTANCE", fieldsKeep: {targetGroupName,id}
| fieldsAdd loadBalancerName = dt.traverse.history[-2][loadBalancerName],
            loadBalancerDnsName = dt.traverse.history[-2][dnsName],
            loadBalancerId = dt.traverse.history[-2][id],
            targetGroupName = dt.traverse.history[-1][targetGroupName],
            targetGroupId = dt.traverse.history[-1][id]

Query the CPUUtilization metric for all Amazon EC2 instances behind a given Load Balancer

Gets the CPUUtilization metric for all Amazon EC2 Instances registered with a target group for a load balancer with name my-application-load-balancer.

timeseries avg(cloud.aws.ec2.CPUUtilization.By.InstanceId),
by: {aws.account.id, aws.region, dt.smartscape_source.id, InstanceId }
| filter dt.smartscape_source.id in [
smartscapeNodes "AWS_ELASTICLOADBALANCINGV2_LOADBALANCER"
| filter contains(aws.resource.name,"my-application-load-balancer")
| traverse "balanced_by", "AWS_ELASTICLOADBALANCINGV2_TARGETGROUP", direction:"backward", fieldsKeep:{dnsName, loadBalancerName, id}
| traverse "balances", "AWS_EC2_INSTANCE", fieldsKeep: {targetGroupName,id}
| fieldsKeep id
]

What's next?

We recommend experimenting with our purpose-built AWS topology notebooks, which you can find linked on Clouds. These notebooks contain multiple example DQL queries and use cases.