AWS IoT monitoring
Dynatrace ingests metrics for multiple preselected namespaces, including AWS IoT. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.
Prerequisites
To enable monitoring for this service, you need
-
ActiveGate version 1.181+, as follows:
-
For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.
-
For Dynatrace Managed deployments, you can use any kind of ActiveGate.
For role-based access (whether in a SaaS or Managed deployment), you need an Environment ActiveGate installed on an Amazon EC2 host.
-
-
Dynatrace version 1.182+
-
An updated AWS monitoring policy to include the additional AWS services.
To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.
{"Version": "2012-10-17","Statement": [{"Sid": "VisualEditor0","Effect": "Allow","Action": ["acm-pca:ListCertificateAuthorities","apigateway:GET","apprunner:ListServices","appstream:DescribeFleets","appsync:ListGraphqlApis","athena:ListWorkGroups","autoscaling:DescribeAutoScalingGroups","cloudformation:ListStackResources","cloudfront:ListDistributions","cloudhsm:DescribeClusters","cloudsearch:DescribeDomains","cloudwatch:GetMetricData","cloudwatch:GetMetricStatistics","cloudwatch:ListMetrics","codebuild:ListProjects","datasync:ListTasks","dax:DescribeClusters","directconnect:DescribeConnections","dms:DescribeReplicationInstances","dynamodb:ListTables","dynamodb:ListTagsOfResource","ec2:DescribeAvailabilityZones","ec2:DescribeInstances","ec2:DescribeNatGateways","ec2:DescribeSpotFleetRequests","ec2:DescribeTransitGateways","ec2:DescribeVolumes","ec2:DescribeVpnConnections","ecs:ListClusters","eks:ListClusters","elasticache:DescribeCacheClusters","elasticbeanstalk:DescribeEnvironmentResources","elasticbeanstalk:DescribeEnvironments","elasticfilesystem:DescribeFileSystems","elasticloadbalancing:DescribeInstanceHealth","elasticloadbalancing:DescribeListeners","elasticloadbalancing:DescribeLoadBalancers","elasticloadbalancing:DescribeRules","elasticloadbalancing:DescribeTags","elasticloadbalancing:DescribeTargetHealth","elasticmapreduce:ListClusters","elastictranscoder:ListPipelines","es:ListDomainNames","events:ListEventBuses","firehose:ListDeliveryStreams","fsx:DescribeFileSystems","gamelift:ListFleets","glue:GetJobs","inspector:ListAssessmentTemplates","kafka:ListClusters","kinesis:ListStreams","kinesisanalytics:ListApplications","kinesisvideo:ListStreams","lambda:ListFunctions","lambda:ListTags","lex:GetBots","logs:DescribeLogGroups","mediaconnect:ListFlows","mediaconvert:DescribeEndpoints","mediapackage-vod:ListPackagingConfigurations","mediapackage:ListChannels","mediatailor:ListPlaybackConfigurations","opsworks:DescribeStacks","qldb:ListLedgers","rds:DescribeDBClusters","rds:DescribeDBInstances","rds:DescribeEvents","rds:ListTagsForResource","redshift:DescribeClusters","robomaker:ListSimulationJobs","route53:ListHostedZones","route53resolver:ListResolverEndpoints","s3:ListAllMyBuckets","sagemaker:ListEndpoints","sns:ListTopics","sqs:ListQueues","storagegateway:ListGateways","sts:GetCallerIdentity","swf:ListDomains","tag:GetResources","tag:GetTagKeys","transfer:ListServers","workmail:ListOrganizations","workspaces:DescribeWorkspaces"],"Resource": "*"}]}
If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.
Permissions required for AWS monitoring integration:
"cloudwatch:GetMetricData""cloudwatch:GetMetricStatistics""cloudwatch:ListMetrics""sts:GetCallerIdentity""tag:GetResources""tag:GetTagKeys""ec2:DescribeAvailabilityZones"
Name
Permissions
All monitored Amazon services required
cloudwatch:GetMetricData,cloudwatch:GetMetricStatistics,cloudwatch:ListMetrics,sts:GetCallerIdentity,tag:GetResources,tag:GetTagKeys,ec2:DescribeAvailabilityZonesAWS Certificate Manager Private Certificate Authority
acm-pca:ListCertificateAuthoritiesAmazon MQ
Amazon API Gateway
apigateway:GETAWS App Runner
apprunner:ListServicesAmazon AppStream
appstream:DescribeFleetsAWS AppSync
appsync:ListGraphqlApisAmazon Athena
athena:ListWorkGroupsAmazon Aurora
rds:DescribeDBClustersAmazon EC2 Auto Scaling
autoscaling:DescribeAutoScalingGroupsAmazon EC2 Auto Scaling (built-in)
autoscaling:DescribeAutoScalingGroupsAWS Billing
Amazon Keyspaces
AWS Chatbot
Amazon CloudFront
cloudfront:ListDistributionsAWS CloudHSM
cloudhsm:DescribeClustersAmazon CloudSearch
cloudsearch:DescribeDomainsAWS CodeBuild
codebuild:ListProjectsAmazon Cognito
Amazon Connect
Amazon Elastic Kubernetes Service (EKS)
eks:ListClustersAWS DataSync
datasync:ListTasksAmazon DynamoDB Accelerator (DAX)
dax:DescribeClustersAWS Database Migration Service (AWS DMS)
dms:DescribeReplicationInstancesAmazon DocumentDB
rds:DescribeDBClustersAWS Direct Connect
directconnect:DescribeConnectionsAmazon DynamoDB
dynamodb:ListTablesAmazon DynamoDB (built-in)
dynamodb:ListTables,dynamodb:ListTagsOfResourceAmazon EBS
ec2:DescribeVolumesAmazon EBS (built-in)
ec2:DescribeVolumesAmazon EC2 API
Amazon EC2 (built-in)
ec2:DescribeInstancesAmazon EC2 Spot Fleet
ec2:DescribeSpotFleetRequestsAmazon Elastic Container Service (ECS)
ecs:ListClustersAmazon ECS Container Insights
ecs:ListClustersAmazon ElastiCache (EC)
elasticache:DescribeCacheClustersAWS Elastic Beanstalk
elasticbeanstalk:DescribeEnvironmentsAmazon Elastic File System (EFS)
elasticfilesystem:DescribeFileSystemsAmazon Elastic Inference
Amazon Elastic Map Reduce (EMR)
elasticmapreduce:ListClustersAmazon Elasticsearch Service (ES)
es:ListDomainNamesAmazon Elastic Transcoder
elastictranscoder:ListPipelinesAmazon Elastic Load Balancer (ELB) (built-in)
elasticloadbalancing:DescribeInstanceHealth,elasticloadbalancing:DescribeListeners,elasticloadbalancing:DescribeLoadBalancers,elasticloadbalancing:DescribeRules,elasticloadbalancing:DescribeTags,elasticloadbalancing:DescribeTargetHealthAmazon EventBridge
events:ListEventBusesAmazon FSx
fsx:DescribeFileSystemsAmazon GameLift
gamelift:ListFleetsAWS Glue
glue:GetJobsAmazon Inspector
inspector:ListAssessmentTemplatesAWS Internet of Things (IoT)
AWS IoT Analytics
Amazon Managed Streaming for Kafka
kafka:ListClustersAmazon Kinesis Data Analytics
kinesisanalytics:ListApplicationsAmazon Data Firehose
firehose:ListDeliveryStreamsAmazon Kinesis Data Streams
kinesis:ListStreamsAmazon Kinesis Video Streams
kinesisvideo:ListStreamsAWS Lambda
lambda:ListFunctionsAWS Lambda (built-in)
lambda:ListFunctions,lambda:ListTagsAmazon Lex
lex:GetBotsAmazon Application and Network Load Balancer (built-in)
elasticloadbalancing:DescribeInstanceHealth,elasticloadbalancing:DescribeListeners,elasticloadbalancing:DescribeLoadBalancers,elasticloadbalancing:DescribeRules,elasticloadbalancing:DescribeTags,elasticloadbalancing:DescribeTargetHealthAmazon CloudWatch Logs
logs:DescribeLogGroupsAWS Elemental MediaConnect
mediaconnect:ListFlowsAWS Elemental MediaConvert
mediaconvert:DescribeEndpointsExample of JSON policy for one single service.
{"Version": "2012-10-17","Statement": [{"Sid": "VisualEditor0","Effect": "Allow","Action": ["apigateway:GET","cloudwatch:GetMetricData","cloudwatch:GetMetricStatistics","cloudwatch:ListMetrics","sts:GetCallerIdentity","tag:GetResources","tag:GetTagKeys","ec2:DescribeAvailabilityZones"],"Resource": "*"}]}
In this example, from the complete list of permissions you need to select
"apigateway:GET"for Amazon API Gateway"cloudwatch:GetMetricData","cloudwatch:GetMetricStatistics","cloudwatch:ListMetrics","sts:GetCallerIdentity","tag:GetResources","tag:GetTagKeys", and"ec2:DescribeAvailabilityZones"for All AWS cloud services.
Enable monitoring
To learn how to enable service monitoring, see Enable service monitoring.
View service metrics
You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.
View metrics on the custom device overview page
To access the custom device overview page
- Go to Technologies & Processes or Technologies & Processes Classic (latest Dynatrace).
- Filter by service name and select the relevant custom device group.
- Once you select the custom device group, you're on the custom device group overview page.
- The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.
View metrics on your dashboard
You can also view metrics in the Dynatrace web UI on dashboards. There is no preset dashboard available for this service, but you can create your own dashboard.
To check the availability of preset dashboards for each AWS service, see the list below.
AWS service
Preset dashboard
Amazon EC2 Auto Scaling (built-in)
AWS Lambda (built-in)
Amazon Application and Network Load Balancer (built-in)
Amazon DynamoDB (built-in)
Amazon EBS (built-in)
Amazon EC2 (built-in)
Amazon Elastic Load Balancer (ELB) (built-in)
Amazon RDS (built-in)
Amazon S3 (built-in)
AWS Certificate Manager Private Certificate Authority
All monitored Amazon services
Amazon API Gateway
AWS App Runner
Amazon AppStream
AWS AppSync
Amazon Athena
Amazon Aurora
Amazon EC2 Auto Scaling
AWS Billing
Amazon Keyspaces
AWS Chatbot
Amazon CloudFront
AWS CloudHSM
Amazon CloudSearch
AWS CodeBuild
Amazon Cognito
Amazon Connect
AWS DataSync
Amazon DynamoDB Accelerator (DAX)
AWS Database Migration Service (AWS DMS)
Amazon DocumentDB
AWS Direct Connect
Amazon DynamoDB
Amazon EBS
Amazon EC2 Spot Fleet
Amazon EC2 API
Amazon Elastic Container Service (ECS)
Amazon ECS Container Insights
Amazon Elastic File System (EFS)
Amazon Elastic Kubernetes Service (EKS)
Amazon ElastiCache (EC)
AWS Elastic Beanstalk
Amazon Elastic Inference
Amazon Elastic Transcoder
Amazon Elastic Map Reduce (EMR)
Amazon Elasticsearch Service (ES)
Amazon EventBridge
Amazon FSx
Amazon GameLift
AWS Glue
Amazon Inspector
AWS Internet of Things (IoT)
AWS IoT Things Graph
AWS IoT Analytics
Amazon Managed Streaming for Kafka
Amazon Kinesis Data Analytics
Amazon Data Firehose
Amazon Kinesis Data Streams
Amazon Kinesis Video Streams
AWS Lambda
Amazon Lex
Amazon CloudWatch Logs
AWS Elemental MediaTailor
AWS Elemental MediaConnect
AWS Elemental MediaConvert
AWS Elemental MediaPackage Live
AWS Elemental MediaPackage Video on Demand
Amazon MQ
Amazon VPC NAT Gateways
Amazon Neptune
AWS OpsWorks
Amazon Polly
Amazon QLDB
Amazon RDS
Amazon Redshift
Amazon Rekognition
AWS RoboMaker
Amazon Route 53
Amazon Route 53 Resolver
Amazon S3
Amazon SageMaker Batch Transform Jobs
Amazon SageMaker Endpoints
Amazon SageMaker Endpoint Instances
Amazon SageMaker Ground Truth
Amazon SageMaker Processing Jobs
Amazon SageMaker Training Jobs
AWS Service Catalog
Amazon Simple Email Service (SES)
Amazon Simple Notification Service (SNS)
Amazon Simple Queue Service (SQS)
AWS Systems Manager - Run Command
AWS Step Functions
AWS Storage Gateway
Amazon SWF
Amazon Textract
AWS Transfer Family
AWS Transit Gateway
Amazon Translate
AWS Trusted Advisor
AWS API Usage
AWS Site-to-Site VPN
AWS WAF Classic
AWS WAF
Amazon WorkMail
Available metrics
Name
Description
Statistics
Unit
Dimensions
Recommended
CanceledJobExecutionCount
The number of job executions whose status has changed to
CANCELED within a time period that is determined by CloudWatch. The JobId dimension contains the ID of the job.Count
Sum
Region, JobId
CanceledJobExecutionTotalCount
The total number of job executions whose status is
CANCELED for the given job. The JobId dimension contains the ID of the job.Count
Sum
Region, JobId
ClientError
The number of client errors generated while executing the job. The
JobId dimension contains the ID of the job.Count
Sum
Region, JobId
Connect.AuthError
The number of connection requests that could not be authorized by the message broker. The
Protocol dimension contains the protocol used to send the CONNECT message.Count
Sum
Region, Protocol
Connect.ClientError
The number of connection requests rejected because the MQTT message did not meet the requirements defined in AWS IoT quotas. The
Protocol dimension contains the protocol used to send the CONNECT message.Count
Sum
Region, Protocol
Connect.ServerError
The number of connection requests that failed because an internal error occurred. The
Protocol dimension contains the protocol used to send the CONNECT message.Count
Sum
Region, Protocol
Connect.Success
The number of successful connections to the message broker. The
Protocol dimension contains the protocol used to send the CONNECT message.Count
Sum
Region, Protocol
Connect.Throttle
The number of connection requests that were throttled because the account exceeded the allowed connect request rate. The
Protocol dimension contains the protocol used to send the CONNECT message.Count
Sum
Region, Protocol
DeleteThingShadow.Accepted
The number of
DeleteThingShadow requests processed successfully. The Protocol dimension contains the protocol used to make the request.Count
Sum
Region, Protocol
FailedJobExecutionCount
The number of job executions whose status has changed to
FAILED within a time period that is determined by CloudWatch. The JobId dimension contains the ID of the job.Count
Sum
Region, JobId
FailedJobExecutionTotalCount
The total number of job executions whose status is
FAILED for the given job. The JobId dimension contains the ID of the job.Count
Sum
Region, JobId
Failure
The number of failed rule action invocations. The
RuleName dimension contains the name of the rule that specifies the action. The ActionType dimension contains the type of action that was invoked.Count
Sum
Region, RuleName, ActionType
GetThingShadow.Accepted
The number of
GetThingShadow requests processed successfully. The Protocol dimension contains the protocol used to make the request.Count
Sum
Region, Protocol
InProgressJobExecutionCount
The number of job executions whose status has changed to
IN_PROGRESS within a time period that is determined by CloudWatch. The JobId dimension contains the ID of the job.Count
Sum
Region, JobId
InProgressJobExecutionTotalCount
The total number of job executions whose status is
IN_PROGRESS for the given job. The JobId dimension contains the ID of the job.Count
Sum
Region, JobId
NumLogBatchesFailedToPublishThrottled
The singular batch of log events that has failed to publish due to throttling errors
Count
Sum
Region
NumLogEventsFailedToPublishThrottled
The number of log events within the batch that have failed to publish due to throttling errors
Count
Sum
Region
ParseError
The number of JSON parse errors that occurred in messages published on a topic on which a rule is listening. The
RuleName dimension contains the name of the rule.Count
Sum
Region, RuleName
Ping.Success
The number of ping messages received by the message broker. The
Protocol dimension contains the protocol used to send the ping message.Count
Sum
Region, Protocol
PublishIn.AuthError
The number of publish requests the message broker was unable to authorize. The
Protocol dimension contains the protocol used to publish the message.Count
Sum
Region, Protocol
PublishIn.ClientError
The number of publish requests rejected by the message broker because the message did not meet the requirements defined in AWS IoT quotas. The
Protocol dimension contains the protocol used to publish the message.Count
Sum
Region, Protocol
PublishIn.ServerError
The number of publish requests the message broker failed to process because an internal error occurred. The
Protocol dimension contains the protocol used to send the PUBLISH message.Count
Sum
Region, Protocol