Amazon S3 (Simple Storage Service) (built-in) monitoring
Dynatrace ingests metrics for multiple preselected namespaces, including Amazon Simple Storage Service (Amazon S3) (built-in). You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.
Prerequisites
To enable monitoring for this service, you need:
-
Any version of ActiveGate in both Dynatrace SaaS and Managed deployments.
-
An updated AWS monitoring policy to include the additional AWS services.
To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all cloud services.
{"Version": "2012-10-17","Statement": [{"Sid": "VisualEditor0","Effect": "Allow","Action": ["acm-pca:ListCertificateAuthorities","apigateway:GET","apprunner:ListServices","appstream:DescribeFleets","appsync:ListGraphqlApis","athena:ListWorkGroups","autoscaling:DescribeAutoScalingGroups","cloudformation:ListStackResources","cloudfront:ListDistributions","cloudhsm:DescribeClusters","cloudsearch:DescribeDomains","cloudwatch:GetMetricData","cloudwatch:GetMetricStatistics","cloudwatch:ListMetrics","codebuild:ListProjects","datasync:ListTasks","dax:DescribeClusters","directconnect:DescribeConnections","dms:DescribeReplicationInstances","dynamodb:ListTables","dynamodb:ListTagsOfResource","ec2:DescribeAvailabilityZones","ec2:DescribeInstances","ec2:DescribeNatGateways","ec2:DescribeSpotFleetRequests","ec2:DescribeTransitGateways","ec2:DescribeVolumes","ec2:DescribeVpnConnections","ecs:ListClusters","eks:ListClusters","elasticache:DescribeCacheClusters","elasticbeanstalk:DescribeEnvironmentResources","elasticbeanstalk:DescribeEnvironments","elasticfilesystem:DescribeFileSystems","elasticloadbalancing:DescribeInstanceHealth","elasticloadbalancing:DescribeListeners","elasticloadbalancing:DescribeLoadBalancers","elasticloadbalancing:DescribeRules","elasticloadbalancing:DescribeTags","elasticloadbalancing:DescribeTargetHealth","elasticmapreduce:ListClusters","elastictranscoder:ListPipelines","es:ListDomainNames","events:ListEventBuses","firehose:ListDeliveryStreams","fsx:DescribeFileSystems","gamelift:ListFleets","glue:GetJobs","inspector:ListAssessmentTemplates","kafka:ListClusters","kinesis:ListStreams","kinesisanalytics:ListApplications","kinesisvideo:ListStreams","lambda:ListFunctions","lambda:ListTags","lex:GetBots","logs:DescribeLogGroups","mediaconnect:ListFlows","mediaconvert:DescribeEndpoints","mediapackage-vod:ListPackagingConfigurations","mediapackage:ListChannels","mediatailor:ListPlaybackConfigurations","opsworks:DescribeStacks","qldb:ListLedgers","rds:DescribeDBClusters","rds:DescribeDBInstances","rds:DescribeEvents","rds:ListTagsForResource","redshift:DescribeClusters","robomaker:ListSimulationJobs","route53:ListHostedZones","route53resolver:ListResolverEndpoints","s3:ListAllMyBuckets","sagemaker:ListEndpoints","sns:ListTopics","sqs:ListQueues","storagegateway:ListGateways","sts:GetCallerIdentity","swf:ListDomains","tag:GetResources","tag:GetTagKeys","transfer:ListServers","workmail:ListOrganizations","workspaces:DescribeWorkspaces"],"Resource": "*"}]}
If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each cloud service, a list of optional permissions specific to that service.
Permissions required for AWS monitoring integration:
"cloudwatch:GetMetricData""cloudwatch:GetMetricStatistics""cloudwatch:ListMetrics""sts:GetCallerIdentity""tag:GetResources""tag:GetTagKeys""ec2:DescribeAvailabilityZones"
Name
Permissions
All monitored Amazon services required
cloudwatch:GetMetricData,cloudwatch:GetMetricStatistics,cloudwatch:ListMetrics,sts:GetCallerIdentity,tag:GetResources,tag:GetTagKeys,ec2:DescribeAvailabilityZonesAWS Certificate Manager Private Certificate Authority
acm-pca:ListCertificateAuthoritiesAmazon MQ
Amazon API Gateway
apigateway:GETAWS App Runner
apprunner:ListServicesAmazon AppStream
appstream:DescribeFleetsAWS AppSync
appsync:ListGraphqlApisAmazon Athena
athena:ListWorkGroupsAmazon Aurora
rds:DescribeDBClustersAmazon EC2 Auto Scaling
autoscaling:DescribeAutoScalingGroupsAmazon EC2 Auto Scaling (built-in)
autoscaling:DescribeAutoScalingGroupsAWS Billing
Amazon Keyspaces
AWS Chatbot
Amazon CloudFront
cloudfront:ListDistributionsAWS CloudHSM
cloudhsm:DescribeClustersAmazon CloudSearch
cloudsearch:DescribeDomainsAWS CodeBuild
codebuild:ListProjectsAmazon Cognito
Amazon Connect
Amazon Elastic Kubernetes Service (EKS)
eks:ListClustersAWS DataSync
datasync:ListTasksAmazon DynamoDB Accelerator (DAX)
dax:DescribeClustersAWS Database Migration Service (AWS DMS)
dms:DescribeReplicationInstancesAmazon DocumentDB
rds:DescribeDBClustersAWS Direct Connect
directconnect:DescribeConnectionsAmazon DynamoDB
dynamodb:ListTablesAmazon DynamoDB (built-in)
dynamodb:ListTables,dynamodb:ListTagsOfResourceAmazon EBS
ec2:DescribeVolumesAmazon EBS (built-in)
ec2:DescribeVolumesAmazon EC2 API
Amazon EC2 (built-in)
ec2:DescribeInstancesAmazon EC2 Spot Fleet
ec2:DescribeSpotFleetRequestsAmazon Elastic Container Service (ECS)
ecs:ListClustersAmazon ECS Container Insights
ecs:ListClustersAmazon ElastiCache (EC)
elasticache:DescribeCacheClustersAWS Elastic Beanstalk
elasticbeanstalk:DescribeEnvironmentsAmazon Elastic File System (EFS)
elasticfilesystem:DescribeFileSystemsAmazon Elastic Inference
Amazon Elastic Map Reduce (EMR)
elasticmapreduce:ListClustersAmazon Elasticsearch Service (ES)
es:ListDomainNamesAmazon Elastic Transcoder
elastictranscoder:ListPipelinesAmazon Elastic Load Balancer (ELB) (built-in)
elasticloadbalancing:DescribeInstanceHealth,elasticloadbalancing:DescribeListeners,elasticloadbalancing:DescribeLoadBalancers,elasticloadbalancing:DescribeRules,elasticloadbalancing:DescribeTags,elasticloadbalancing:DescribeTargetHealthAmazon EventBridge
events:ListEventBusesAmazon FSx
fsx:DescribeFileSystemsAmazon GameLift
gamelift:ListFleetsAWS Glue
glue:GetJobsAmazon Inspector
inspector:ListAssessmentTemplatesAWS Internet of Things (IoT)
AWS IoT Analytics
Amazon Managed Streaming for Kafka
kafka:ListClustersAmazon Kinesis Data Analytics
kinesisanalytics:ListApplicationsAmazon Data Firehose
firehose:ListDeliveryStreamsAmazon Kinesis Data Streams
kinesis:ListStreamsAmazon Kinesis Video Streams
kinesisvideo:ListStreamsAWS Lambda
lambda:ListFunctionsAWS Lambda (built-in)
lambda:ListFunctions,lambda:ListTagsAmazon Lex
lex:GetBotsAmazon Application and Network Load Balancer (built-in)
elasticloadbalancing:DescribeInstanceHealth,elasticloadbalancing:DescribeListeners,elasticloadbalancing:DescribeLoadBalancers,elasticloadbalancing:DescribeRules,elasticloadbalancing:DescribeTags,elasticloadbalancing:DescribeTargetHealthAmazon CloudWatch Logs
logs:DescribeLogGroupsAWS Elemental MediaConnect
mediaconnect:ListFlowsAWS Elemental MediaConvert
mediaconvert:DescribeEndpointsAWS Elemental MediaPackage Live
mediapackage:ListChannelsAWS Elemental MediaPackage Video on Demand
mediapackage-vod:ListPackagingConfigurationsAWS Elemental MediaTailor
mediatailor:ListPlaybackConfigurationsAmazon VPC NAT Gateways
ec2:DescribeNatGatewaysAmazon Neptune
rds:DescribeDBClustersAWS OpsWorks
opsworks:DescribeStacksAmazon Polly
Amazon QLDB
qldb:ListLedgersAmazon RDS
rds:DescribeDBInstancesAmazon RDS (built-in)
rds:DescribeDBInstances,rds:DescribeEvents,rds:ListTagsForResourceAmazon Redshift
redshift:DescribeClustersAmazon Rekognition
AWS RoboMaker
robomaker:ListSimulationJobsAmazon Route 53
route53:ListHostedZonesAmazon Route 53 Resolver
route53resolver:ListResolverEndpointsAmazon S3
s3:ListAllMyBucketsAmazon S3 (built-in)
s3:ListAllMyBucketsAmazon SageMaker Batch Transform Jobs
Amazon SageMaker Endpoint Instances
sagemaker:ListEndpointsAmazon SageMaker Endpoints
sagemaker:ListEndpointsAmazon SageMaker Ground Truth
Amazon SageMaker Processing Jobs
Amazon SageMaker Training Jobs
AWS Service Catalog
Amazon Simple Email Service (SES)
Amazon Simple Notification Service (SNS)
sns:ListTopicsAmazon Simple Queue Service (SQS)
sqs:ListQueuesAWS Systems Manager - Run Command
AWS Step Functions
AWS Storage Gateway
storagegateway:ListGatewaysAmazon SWF
swf:ListDomainsAmazon Textract
AWS IoT Things Graph
AWS Transfer Family
transfer:ListServersAWS Transit Gateway
ec2:DescribeTransitGatewaysAmazon Translate
AWS Trusted Advisor
AWS API Usage
AWS Site-to-Site VPN
ec2:DescribeVpnConnectionsAWS WAF Classic
AWS WAF
Amazon WorkMail
workmail:ListOrganizationsAmazon WorkSpaces
workspaces:DescribeWorkspacesExample of JSON policy for one single service.
{"Version": "2012-10-17","Statement": [{"Sid": "VisualEditor0","Effect": "Allow","Action": ["apigateway:GET","cloudwatch:GetMetricData","cloudwatch:GetMetricStatistics","cloudwatch:ListMetrics","sts:GetCallerIdentity","tag:GetResources","tag:GetTagKeys","ec2:DescribeAvailabilityZones"],"Resource": "*"}]}
In this example, from the complete list of permissions you need to select
-
"apigateway:GET"for Amazon API Gateway -
"cloudwatch:GetMetricData","cloudwatch:GetMetricStatistics","cloudwatch:ListMetrics","sts:GetCallerIdentity","tag:GetResources","tag:GetTagKeys", and"ec2:DescribeAvailabilityZones"for All AWS cloud services. -
To disable monitoring of built-in services, you need Environment ActiveGate version 1.245+ and Dynatrace version 1.247+.
Enable monitoring
To learn how to enable service monitoring, see Enable service monitoring.
Built-in services specifics
This is a built-in service. It's monitored out-of-the-box once a new AWS integration instance is created. For built-in services, all metrics are recommended (changing configuration is not possible).
Example of AWS built-in monitoring service
Available metrics
There are no metrics specific to Amazon Simple Storage Service (built-in), but Amazon S3 metrics can be obtained through the Amazon Simple Storage Service (non-built-in).