AWS Lambda (built-in)

Dynatrace ingests metrics for multiple preselected namespaces, including AWS Lambda. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.

Prerequisites

To enable monitoring for this service, you need:

  • Any version of ActiveGate in both Dynatrace SaaS and Managed deployments.

    For role-based access (whether in a SaaS or Managed deployment), you need an ActiveGate installed on an Amazon EC2 host.

  • An updated AWS monitoring policy to include the additional AWS services.
    To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all cloud services.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "acm-pca:ListCertificateAuthorities",
        "apigateway:GET",
        "apprunner:ListServices",
        "appstream:DescribeFleets",
        "appsync:ListGraphqlApis",
        "athena:ListWorkGroups",
        "autoscaling:DescribeAutoScalingGroups",
        "cloudformation:ListStackResources",
        "cloudfront:ListDistributions",
        "cloudhsm:DescribeClusters",
        "cloudsearch:DescribeDomains",
        "cloudwatch:GetMetricData",
        "cloudwatch:GetMetricStatistics",
        "cloudwatch:ListMetrics",
        "codebuild:ListProjects",
        "datasync:ListTasks",
        "dax:DescribeClusters",
        "directconnect:DescribeConnections",
        "dms:DescribeReplicationInstances",
        "dynamodb:ListTables",
        "dynamodb:ListTagsOfResource",
        "ec2:DescribeAvailabilityZones",
        "ec2:DescribeInstances",
        "ec2:DescribeNatGateways",
        "ec2:DescribeSpotFleetRequests",
        "ec2:DescribeTransitGateways",
        "ec2:DescribeVolumes",
        "ec2:DescribeVpnConnections",
        "ecs:ListClusters",
        "eks:ListClusters",
        "elasticache:DescribeCacheClusters",
        "elasticbeanstalk:DescribeEnvironmentResources",
        "elasticbeanstalk:DescribeEnvironments",
        "elasticfilesystem:DescribeFileSystems",
        "elasticloadbalancing:DescribeInstanceHealth",
        "elasticloadbalancing:DescribeListeners",
        "elasticloadbalancing:DescribeLoadBalancers",
        "elasticloadbalancing:DescribeRules",
        "elasticloadbalancing:DescribeTags",
        "elasticloadbalancing:DescribeTargetHealth",
        "elasticmapreduce:ListClusters",
        "elastictranscoder:ListPipelines",
        "es:ListDomainNames",
        "events:ListEventBuses",
        "firehose:ListDeliveryStreams",
        "fsx:DescribeFileSystems",
        "gamelift:ListFleets",
        "glue:GetJobs",
        "inspector:ListAssessmentTemplates",
        "kafka:ListClusters",
        "kinesis:ListStreams",
        "kinesisanalytics:ListApplications",
        "kinesisvideo:ListStreams",
        "lambda:ListFunctions",
        "lambda:ListTags",
        "lex:GetBots",
        "logs:DescribeLogGroups",
        "mediaconnect:ListFlows",
        "mediaconvert:DescribeEndpoints",
        "mediapackage-vod:ListPackagingConfigurations",
        "mediapackage:ListChannels",
        "mediatailor:ListPlaybackConfigurations",
        "opsworks:DescribeStacks",
        "qldb:ListLedgers",
        "rds:DescribeDBClusters",
        "rds:DescribeDBInstances",
        "rds:DescribeEvents",
        "rds:ListTagsForResource",
        "redshift:DescribeClusters",
        "robomaker:ListSimulationJobs",
        "route53:ListHostedZones",
        "route53resolver:ListResolverEndpoints",
        "s3:ListAllMyBuckets",
        "sagemaker:ListEndpoints",
        "sns:ListTopics",
        "sqs:ListQueues",
        "storagegateway:ListGateways",
        "sts:GetCallerIdentity",
        "swf:ListDomains",
        "tag:GetResources",
        "tag:GetTagKeys",
        "transfer:ListServers",
        "workmail:ListOrganizations",
        "workspaces:DescribeWorkspaces"
      ],
      "Resource": "*"
    }
  ]
}

If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each cloud service, a list of optional permissions specific to that service.

Permissions required for AWS monitoring integration:
  • "cloudwatch:GetMetricData"
  • "cloudwatch:GetMetricStatistics"
  • "cloudwatch:ListMetrics"
  • "sts:GetCallerIdentity"
  • "tag:GetResources"
  • "tag:GetTagKeys"
  • "ec2:DescribeAvailabilityZones"
Name
Permissions
All monitored Amazon services required
cloudwatch:GetMetricData,
cloudwatch:GetMetricStatistics,
cloudwatch:ListMetrics,
sts:GetCallerIdentity,
tag:GetResources,
tag:GetTagKeys,
ec2:DescribeAvailabilityZones
AWS Certificate Manager Private Certificate Authority
acm-pca:ListCertificateAuthorities
Amazon MQ
Amazon API Gateway
apigateway:GET
AWS App Runner
apprunner:ListServices
Amazon AppStream
appstream:DescribeFleets

Example of JSON policy for one single service.

{
  "Version": "2012-10-17",
  "Statement": [
          {
                  "Sid": "VisualEditor0",
                  "Effect": "Allow",
                  "Action": [
                          "apigateway:GET",
                          "cloudwatch:GetMetricData",
                          "cloudwatch:GetMetricStatistics",
                          "cloudwatch:ListMetrics",
                          "sts:GetCallerIdentity",
                          "tag:GetResources",
                          "tag:GetTagKeys",
                          "ec2:DescribeAvailabilityZones"
                  ],
                  "Resource": "*"
          }
      ]
}

In this example, from the complete list of permissions you need to select

  • "apigateway:GET" for Amazon API Gateway

  • "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "sts:GetCallerIdentity", "tag:GetResources", "tag:GetTagKeys", and "ec2:DescribeAvailabilityZones" for All AWS cloud services.

  • To disable monitoring of built-in services, you need Environment ActiveGate version 1.245+ and Dynatrace version 1.247+.

Endpoint
Service
autoscaling.<REGION>.amazonaws.com
Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling
lambda.<REGION>.amazonaws.com
AWS Lambda (built-in), AWS Lambda
elasticloadbalancing.<REGION>.amazonaws.com
Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in)
dynamodb.<REGION>.amazonaws.com
Amazon DynamoDB (built-in), Amazon DynamoDB
ec2.<REGION>.amazonaws.com
Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN
rds.<REGION>.amazonaws.com
Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS

Enable monitoring

To learn how to enable service monitoring, see Enable service monitoring.

View service metrics

You can view the service metrics in your Dynatrace environment either on the AWS account page or on your Dashboards page.

View metrics on the AWS account page

To view metrics on the AWS account page

  1. Go to AWS or AWS Classic (latest Dynatrace).
  2. Choose AWS account you want to check metrics for.
  3. Select Service box. Metrics for the selected service are visible under the infographic in the service section.

View metrics on the Dashboard

You can also create your own dashboard. For more information on how to create dashboards, go to Create and edit Dynatrace dashboards

Example of AWS built-in monitoring service

example of AWS builtin monitoring service

Built-in services specifics

This is a built-in service. It's monitored out-of-the-box once a new AWS integration instance is created. For built-in services, all metrics are recommended (changing configuration is not possible).

Available metrics

FunctionName is the main dimension.

Metric keyNameUnitAggregationsMonitoring consumption
builtin:cloud.aws.lambda.concExecutions

LambdaFunction concurrent executions count

CountautoavgcountmaxminsumDDUs
builtin:cloud.aws.lambda.duration

LambdaFunction code execution time.

MillisecondautoavgcountmaxminsumDDUs
builtin:cloud.aws.lambda.errors

LambdaFunction number of failed invocations with HTTP 4XX status code

CountautovalueDDUs
builtin:cloud.aws.lambda.errorsRate

LambdaFunction rate of failed invocations to all invocations %

Percent (%)autoavgmaxminDDUs
builtin:cloud.aws.lambda.invocations

LambdaFunction number of times a function is invoked

CountautovalueDDUs
builtin:cloud.aws.lambda.provConcExecutions

LambdaFunction provisioned concurrent executions count

CountautovalueDDUs
builtin:cloud.aws.lambda.provConcInvocations

LambdaFunction provisioned concurrency invocation count

CountautovalueDDUs
builtin:cloud.aws.lambda.provConcSpilloverInvocations

LambdaFunction provisioned concurrency spillover invocation count

CountautovalueDDUs
builtin:cloud.aws.lambda.throttlers

LambdaFunction throttled function invocation count

CountautovalueDDUs