Dynatrace ingests metrics for multiple preselected namespaces, including Amazon Route 53. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.
To enable monitoring for this service, you need
For role-based access in a SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.
Dynatrace version 1.201+
An updated AWS monitoring policy to include the additional AWS services.
To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.
{"Version": "2012-10-17","Statement": [{"Sid": "VisualEditor0","Effect": "Allow","Action": ["acm-pca:ListCertificateAuthorities","apigateway:GET","apprunner:ListServices","appstream:DescribeFleets","appsync:ListGraphqlApis","athena:ListWorkGroups","autoscaling:DescribeAutoScalingGroups","cloudformation:ListStackResources","cloudfront:ListDistributions","cloudhsm:DescribeClusters","cloudsearch:DescribeDomains","cloudwatch:GetMetricData","cloudwatch:GetMetricStatistics","cloudwatch:ListMetrics","codebuild:ListProjects","datasync:ListTasks","dax:DescribeClusters","directconnect:DescribeConnections","dms:DescribeReplicationInstances","dynamodb:ListTables","dynamodb:ListTagsOfResource","ec2:DescribeAvailabilityZones","ec2:DescribeInstances","ec2:DescribeNatGateways","ec2:DescribeSpotFleetRequests","ec2:DescribeTransitGateways","ec2:DescribeVolumes","ec2:DescribeVpnConnections","ecs:ListClusters","eks:ListClusters","elasticache:DescribeCacheClusters","elasticbeanstalk:DescribeEnvironmentResources","elasticbeanstalk:DescribeEnvironments","elasticfilesystem:DescribeFileSystems","elasticloadbalancing:DescribeInstanceHealth","elasticloadbalancing:DescribeListeners","elasticloadbalancing:DescribeLoadBalancers","elasticloadbalancing:DescribeRules","elasticloadbalancing:DescribeTags","elasticloadbalancing:DescribeTargetHealth","elasticmapreduce:ListClusters","elastictranscoder:ListPipelines","es:ListDomainNames","events:ListEventBuses","firehose:ListDeliveryStreams","fsx:DescribeFileSystems","gamelift:ListFleets","glue:GetJobs","inspector:ListAssessmentTemplates","kafka:ListClusters","kinesis:ListStreams","kinesisanalytics:ListApplications","kinesisvideo:ListStreams","lambda:ListFunctions","lambda:ListTags","lex:GetBots","logs:DescribeLogGroups","mediaconnect:ListFlows","mediaconvert:DescribeEndpoints","mediapackage-vod:ListPackagingConfigurations","mediapackage:ListChannels","mediatailor:ListPlaybackConfigurations","opsworks:DescribeStacks","qldb:ListLedgers","rds:DescribeDBClusters","rds:DescribeDBInstances","rds:DescribeEvents","rds:ListTagsForResource","redshift:DescribeClusters","robomaker:ListSimulationJobs","route53:ListHostedZones","route53resolver:ListResolverEndpoints","s3:ListAllMyBuckets","sagemaker:ListEndpoints","sns:ListTopics","sqs:ListQueues","storagegateway:ListGateways","sts:GetCallerIdentity","swf:ListDomains","tag:GetResources","tag:GetTagKeys","transfer:ListServers","workmail:ListOrganizations","workspaces:DescribeWorkspaces"],"Resource": "*"}]}
If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.
"cloudwatch:GetMetricData"
"cloudwatch:GetMetricStatistics"
"cloudwatch:ListMetrics"
"sts:GetCallerIdentity"
"tag:GetResources"
"tag:GetTagKeys"
"ec2:DescribeAvailabilityZones"
cloudwatch:GetMetricData
,cloudwatch:GetMetricStatistics
,cloudwatch:ListMetrics
,sts:GetCallerIdentity
,tag:GetResources
,tag:GetTagKeys
,ec2:DescribeAvailabilityZones
acm-pca:ListCertificateAuthorities
apigateway:GET
apprunner:ListServices
appstream:DescribeFleets
appsync:ListGraphqlApis
athena:ListWorkGroups
rds:DescribeDBClusters
autoscaling:DescribeAutoScalingGroups
autoscaling:DescribeAutoScalingGroups
cloudfront:ListDistributions
cloudhsm:DescribeClusters
cloudsearch:DescribeDomains
codebuild:ListProjects
eks:ListClusters
datasync:ListTasks
dax:DescribeClusters
dms:DescribeReplicationInstances
rds:DescribeDBClusters
directconnect:DescribeConnections
dynamodb:ListTables
dynamodb:ListTables
,dynamodb:ListTagsOfResource
ec2:DescribeVolumes
ec2:DescribeVolumes
ec2:DescribeInstances
ec2:DescribeSpotFleetRequests
ecs:ListClusters
ecs:ListClusters
elasticache:DescribeCacheClusters
elasticbeanstalk:DescribeEnvironments
elasticfilesystem:DescribeFileSystems
elasticmapreduce:ListClusters
es:ListDomainNames
elastictranscoder:ListPipelines
elasticloadbalancing:DescribeInstanceHealth
,elasticloadbalancing:DescribeListeners
,elasticloadbalancing:DescribeLoadBalancers
,elasticloadbalancing:DescribeRules
,elasticloadbalancing:DescribeTags
,elasticloadbalancing:DescribeTargetHealth
events:ListEventBuses
fsx:DescribeFileSystems
gamelift:ListFleets
glue:GetJobs
inspector:ListAssessmentTemplates
kafka:ListClusters
kinesisanalytics:ListApplications
firehose:ListDeliveryStreams
kinesis:ListStreams
kinesisvideo:ListStreams
lambda:ListFunctions
lambda:ListFunctions
,lambda:ListTags
lex:GetBots
elasticloadbalancing:DescribeInstanceHealth
,elasticloadbalancing:DescribeListeners
,elasticloadbalancing:DescribeLoadBalancers
,elasticloadbalancing:DescribeRules
,elasticloadbalancing:DescribeTags
,elasticloadbalancing:DescribeTargetHealth
logs:DescribeLogGroups
mediaconnect:ListFlows
mediaconvert:DescribeEndpoints
mediapackage:ListChannels
mediapackage-vod:ListPackagingConfigurations
mediatailor:ListPlaybackConfigurations
ec2:DescribeNatGateways
rds:DescribeDBClusters
opsworks:DescribeStacks
qldb:ListLedgers
rds:DescribeDBInstances
rds:DescribeDBInstances
,rds:DescribeEvents
,rds:ListTagsForResource
redshift:DescribeClusters
robomaker:ListSimulationJobs
route53:ListHostedZones
route53resolver:ListResolverEndpoints
s3:ListAllMyBuckets
s3:ListAllMyBuckets
sagemaker:ListEndpoints
sagemaker:ListEndpoints
sns:ListTopics
sqs:ListQueues
storagegateway:ListGateways
swf:ListDomains
transfer:ListServers
ec2:DescribeTransitGateways
ec2:DescribeVpnConnections
workmail:ListOrganizations
workspaces:DescribeWorkspaces
Example of JSON policy for one single service.
{"Version": "2012-10-17","Statement": [{"Sid": "VisualEditor0","Effect": "Allow","Action": ["apigateway:GET","cloudwatch:GetMetricData","cloudwatch:GetMetricStatistics","cloudwatch:ListMetrics","sts:GetCallerIdentity","tag:GetResources","tag:GetTagKeys","ec2:DescribeAvailabilityZones"],"Resource": "*"}]}
In this example, from the complete list of permissions you need to select
"apigateway:GET"
for Amazon API Gateway"cloudwatch:GetMetricData"
, "cloudwatch:GetMetricStatistics"
, "cloudwatch:ListMetrics"
, "sts:GetCallerIdentity"
, "tag:GetResources"
, "tag:GetTagKeys"
, and "ec2:DescribeAvailabilityZones"
for All AWS cloud services.autoscaling.<REGION>.amazonaws.com
lambda.<REGION>.amazonaws.com
elasticloadbalancing.<REGION>.amazonaws.com
dynamodb.<REGION>.amazonaws.com
ec2.<REGION>.amazonaws.com
rds.<REGION>.amazonaws.com
s3.<REGION>.amazonaws.com
acm-pca.<REGION>.amazonaws.com
apigateway.<REGION>.amazonaws.com
apprunner.<REGION>.amazonaws.com
appstream2.<REGION>.amazonaws.com
appsync.<REGION>.amazonaws.com
athena.<REGION>.amazonaws.com
cloudfront.amazonaws.com
cloudhsmv2.<REGION>.amazonaws.com
cloudsearch.<REGION>.amazonaws.com
codebuild.<REGION>.amazonaws.com
datasync.<REGION>.amazonaws.com
dax.<REGION>.amazonaws.com
dms.<REGION>.amazonaws.com
directconnect.<REGION>.amazonaws.com
ecs.<REGION>.amazonaws.com
elasticfilesystem.<REGION>.amazonaws.com
eks.<REGION>.amazonaws.com
elasticache.<REGION>.amazonaws.com
elasticbeanstalk.<REGION>.amazonaws.com
elastictranscoder.<REGION>.amazonaws.com
es.<REGION>.amazonaws.com
events.<REGION>.amazonaws.com
fsx.<REGION>.amazonaws.com
gamelift.<REGION>.amazonaws.com
glue.<REGION>.amazonaws.com
inspector.<REGION>.amazonaws.com
kafka.<REGION>.amazonaws.com
models.lex.<REGION>.amazonaws.com
logs.<REGION>.amazonaws.com
api.mediatailor.<REGION>.amazonaws.com
mediaconnect.<REGION>.amazonaws.com
mediapackage.<REGION>.amazonaws.com
mediapackage-vod.<REGION>.amazonaws.com
opsworks.<REGION>.amazonaws.com
qldb.<REGION>.amazonaws.com
redshift.<REGION>.amazonaws.com
robomaker.<REGION>.amazonaws.com
route53.amazonaws.com
route53resolver.<REGION>.amazonaws.com
api.sagemaker.<REGION>.amazonaws.com
sns.<REGION>.amazonaws.com
sqs.<REGION>.amazonaws.com
storagegateway.<REGION>.amazonaws.com
swf.<REGION>.amazonaws.com
transfer.<REGION>.amazonaws.com
workmail.<REGION>.amazonaws.com
workspaces.<REGION>.amazonaws.com
Route 53 is a global service; hosted zone metrics (for example, DNSQueries
) are available only in the us-east-1
region. To get hosted zone metrics, credentials must have at least the following permissions set for the us-east-1
region:
"ec2:DescribeAvailabilityZones"
"cloudwatch:GetMetricData"
"cloudwatch:ListMetrics"
To learn how to enable service monitoring, see Enable service monitoring.
You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.
To access the custom device overview page
After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.
For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.
You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (…) and select Clone.
To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (…) and select Hide.
Hiding a dashboard doesn't affect other users.
To check the availability of preset dashboards for each AWS service, see the list below.
HostedZoneId
is the main dimension.
1
indicates healthy, and 0
indicates unhealthy