AWS Step Functions monitoring

How-to guide
5-min read
Published Jul 06, 2020

Dynatrace ingests metrics for multiple preselected namespaces, including AWS Step Functions. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.

Prerequisites

To enable monitoring for this service, you need

ActiveGate version 1.197+

For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.

For role-based access in SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.

Dynatrace version 1.200+
An updated AWS monitoring policy to include the additional AWS services.

To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "acm-pca:ListCertificateAuthorities",
        "apigateway:GET",
        "apprunner:ListServices",
        "appstream:DescribeFleets",
        "appsync:ListGraphqlApis",
        "athena:ListWorkGroups",
        "autoscaling:DescribeAutoScalingGroups",
        "cloudformation:ListStackResources",
        "cloudfront:ListDistributions",
        "cloudhsm:DescribeClusters",
        "cloudsearch:DescribeDomains",
        "cloudwatch:GetMetricData",
        "cloudwatch:GetMetricStatistics",
        "cloudwatch:ListMetrics",
        "codebuild:ListProjects",
        "datasync:ListTasks",
        "dax:DescribeClusters",
        "directconnect:DescribeConnections",
        "dms:DescribeReplicationInstances",
        "dynamodb:ListTables",
        "dynamodb:ListTagsOfResource",
        "ec2:DescribeAvailabilityZones",
        "ec2:DescribeInstances",
        "ec2:DescribeNatGateways",
        "ec2:DescribeSpotFleetRequests",
        "ec2:DescribeTransitGateways",
        "ec2:DescribeVolumes",
        "ec2:DescribeVpnConnections",
        "ecs:ListClusters",
        "eks:ListClusters",
        "elasticache:DescribeCacheClusters",
        "elasticbeanstalk:DescribeEnvironmentResources",
        "elasticbeanstalk:DescribeEnvironments",
        "elasticfilesystem:DescribeFileSystems",
        "elasticloadbalancing:DescribeInstanceHealth",
        "elasticloadbalancing:DescribeListeners",
        "elasticloadbalancing:DescribeLoadBalancers",
        "elasticloadbalancing:DescribeRules",
        "elasticloadbalancing:DescribeTags",
        "elasticloadbalancing:DescribeTargetHealth",
        "elasticmapreduce:ListClusters",
        "elastictranscoder:ListPipelines",
        "es:ListDomainNames",
        "events:ListEventBuses",
        "firehose:ListDeliveryStreams",
        "fsx:DescribeFileSystems",
        "gamelift:ListFleets",
        "glue:GetJobs",
        "inspector:ListAssessmentTemplates",
        "kafka:ListClusters",
        "kinesis:ListStreams",
        "kinesisanalytics:ListApplications",
        "kinesisvideo:ListStreams",
        "lambda:ListFunctions",
        "lambda:ListTags",
        "lex:GetBots",
        "logs:DescribeLogGroups",
        "mediaconnect:ListFlows",
        "mediaconvert:DescribeEndpoints",
        "mediapackage-vod:ListPackagingConfigurations",
        "mediapackage:ListChannels",
        "mediatailor:ListPlaybackConfigurations",
        "opsworks:DescribeStacks",
        "qldb:ListLedgers",
        "rds:DescribeDBClusters",
        "rds:DescribeDBInstances",
        "rds:DescribeEvents",
        "rds:ListTagsForResource",
        "redshift:DescribeClusters",
        "robomaker:ListSimulationJobs",
        "route53:ListHostedZones",
        "route53resolver:ListResolverEndpoints",
        "s3:ListAllMyBuckets",
        "sagemaker:ListEndpoints",
        "sns:ListTopics",
        "sqs:ListQueues",
        "storagegateway:ListGateways",
        "sts:GetCallerIdentity",
        "swf:ListDomains",
        "tag:GetResources",
        "tag:GetTagKeys",
        "transfer:ListServers",
        "workmail:ListOrganizations",
        "workspaces:DescribeWorkspaces"
      ],
      "Resource": "*"
    }
  ]
}

If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.

Permissions required for AWS monitoring integration:

"cloudwatch:GetMetricData"
"cloudwatch:GetMetricStatistics"
"cloudwatch:ListMetrics"
"sts:GetCallerIdentity"
"tag:GetResources"
"tag:GetTagKeys"
"ec2:DescribeAvailabilityZones"

Name

Permissions

All monitored Amazon services required

cloudwatch:GetMetricData,
cloudwatch:GetMetricStatistics,
cloudwatch:ListMetrics,
sts:GetCallerIdentity,
tag:GetResources,
tag:GetTagKeys,
ec2:DescribeAvailabilityZones

AWS Certificate Manager Private Certificate Authority

acm-pca:ListCertificateAuthorities

Amazon MQ

Amazon API Gateway

apigateway:GET

AWS App Runner

apprunner:ListServices

Amazon AppStream

appstream:DescribeFleets

AWS AppSync

appsync:ListGraphqlApis

Amazon Athena

athena:ListWorkGroups

Amazon Aurora

rds:DescribeDBClusters

Amazon EC2 Auto Scaling

autoscaling:DescribeAutoScalingGroups

Amazon EC2 Auto Scaling (built-in)

autoscaling:DescribeAutoScalingGroups

AWS Billing

Amazon Keyspaces

AWS Chatbot

Amazon CloudFront

cloudfront:ListDistributions

AWS CloudHSM

cloudhsm:DescribeClusters

Amazon CloudSearch

cloudsearch:DescribeDomains

AWS CodeBuild

codebuild:ListProjects

Amazon Cognito

Amazon Connect

Amazon Elastic Kubernetes Service (EKS)

eks:ListClusters

AWS DataSync

datasync:ListTasks

Amazon DynamoDB Accelerator (DAX)

dax:DescribeClusters

AWS Database Migration Service (AWS DMS)

dms:DescribeReplicationInstances

Amazon DocumentDB

rds:DescribeDBClusters

AWS Direct Connect

directconnect:DescribeConnections

Amazon DynamoDB

dynamodb:ListTables

Amazon DynamoDB (built-in)

dynamodb:ListTables,
dynamodb:ListTagsOfResource

Amazon EBS

ec2:DescribeVolumes

Amazon EBS (built-in)

ec2:DescribeVolumes

Amazon EC2 API

Amazon EC2 (built-in)

ec2:DescribeInstances

Amazon EC2 Spot Fleet

ec2:DescribeSpotFleetRequests

Amazon Elastic Container Service (ECS)

ecs:ListClusters

Amazon ECS Container Insights

ecs:ListClusters

Amazon ElastiCache (EC)

elasticache:DescribeCacheClusters

AWS Elastic Beanstalk

elasticbeanstalk:DescribeEnvironments

Amazon Elastic File System (EFS)

elasticfilesystem:DescribeFileSystems

Amazon Elastic Inference

Amazon Elastic Map Reduce (EMR)

elasticmapreduce:ListClusters

Amazon Elasticsearch Service (ES)

es:ListDomainNames

Amazon Elastic Transcoder

elastictranscoder:ListPipelines

Amazon Elastic Load Balancer (ELB) (built-in)

elasticloadbalancing:DescribeInstanceHealth,
elasticloadbalancing:DescribeListeners,
elasticloadbalancing:DescribeLoadBalancers,
elasticloadbalancing:DescribeRules,
elasticloadbalancing:DescribeTags,
elasticloadbalancing:DescribeTargetHealth

Amazon EventBridge

events:ListEventBuses

Amazon FSx

fsx:DescribeFileSystems

Amazon GameLift

gamelift:ListFleets

AWS Glue

glue:GetJobs

Amazon Inspector

inspector:ListAssessmentTemplates

AWS Internet of Things (IoT)

AWS IoT Analytics

Amazon Managed Streaming for Kafka

kafka:ListClusters

Amazon Kinesis Data Analytics

kinesisanalytics:ListApplications

Amazon Data Firehose

firehose:ListDeliveryStreams

Amazon Kinesis Data Streams

kinesis:ListStreams

Amazon Kinesis Video Streams

kinesisvideo:ListStreams

AWS Lambda

lambda:ListFunctions

AWS Lambda (built-in)

lambda:ListFunctions,
lambda:ListTags

Amazon Lex

lex:GetBots

Amazon Application and Network Load Balancer (built-in)

Amazon CloudWatch Logs

logs:DescribeLogGroups

AWS Elemental MediaConnect

mediaconnect:ListFlows

AWS Elemental MediaConvert

mediaconvert:DescribeEndpoints

AWS Elemental MediaPackage Live

mediapackage:ListChannels

AWS Elemental MediaPackage Video on Demand

mediapackage-vod:ListPackagingConfigurations

AWS Elemental MediaTailor

mediatailor:ListPlaybackConfigurations

Amazon VPC NAT Gateways

ec2:DescribeNatGateways

Amazon Neptune

rds:DescribeDBClusters

AWS OpsWorks

opsworks:DescribeStacks

Amazon Polly

Amazon QLDB

qldb:ListLedgers

Amazon RDS

rds:DescribeDBInstances

Amazon RDS (built-in)

rds:DescribeDBInstances,
rds:DescribeEvents,
rds:ListTagsForResource

Amazon Redshift

redshift:DescribeClusters

Amazon Rekognition

AWS RoboMaker

robomaker:ListSimulationJobs

Amazon Route 53

route53:ListHostedZones

Amazon Route 53 Resolver

route53resolver:ListResolverEndpoints

Amazon S3

s3:ListAllMyBuckets

Amazon S3 (built-in)

s3:ListAllMyBuckets

Amazon SageMaker Batch Transform Jobs

Amazon SageMaker Endpoint Instances

sagemaker:ListEndpoints

Amazon SageMaker Endpoints

sagemaker:ListEndpoints

Amazon SageMaker Ground Truth

Amazon SageMaker Processing Jobs

Amazon SageMaker Training Jobs

AWS Service Catalog

Amazon Simple Email Service (SES)

Amazon Simple Notification Service (SNS)

sns:ListTopics

Amazon Simple Queue Service (SQS)

sqs:ListQueues

AWS Systems Manager - Run Command

AWS Step Functions

AWS Storage Gateway

storagegateway:ListGateways

Amazon SWF

swf:ListDomains

Amazon Textract

AWS IoT Things Graph

AWS Transfer Family

transfer:ListServers

AWS Transit Gateway

ec2:DescribeTransitGateways

Amazon Translate

AWS Trusted Advisor

AWS API Usage

AWS Site-to-Site VPN

ec2:DescribeVpnConnections

AWS WAF Classic

AWS WAF

Amazon WorkMail

workmail:ListOrganizations

Amazon WorkSpaces

workspaces:DescribeWorkspaces

Example of JSON policy for one single service.

{
  "Version": "2012-10-17",
  "Statement": [
          {
                  "Sid": "VisualEditor0",
                  "Effect": "Allow",
                  "Action": [
                          "apigateway:GET",
                          "cloudwatch:GetMetricData",
                          "cloudwatch:GetMetricStatistics",
                          "cloudwatch:ListMetrics",
                          "sts:GetCallerIdentity",
                          "tag:GetResources",
                          "tag:GetTagKeys",
                          "ec2:DescribeAvailabilityZones"
                  ],
                  "Resource": "*"
          }
      ]
}

In this example, from the complete list of permissions you need to select

"apigateway:GET" for Amazon API Gateway
"cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "sts:GetCallerIdentity", "tag:GetResources", "tag:GetTagKeys", and "ec2:DescribeAvailabilityZones" for All AWS cloud services.

Enable monitoring

To learn how to enable service monitoring, see Enable service monitoring.

View service metrics

You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.

View metrics on the custom device overview page

To access the custom device overview page

Go to Technologies & Processes Classic.
Filter by service name and select the relevant custom device group.
Once you select the custom device group, you're on the custom device group overview page.
The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.

View metrics on your dashboard

After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.

You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (…) and select Clone.

To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (…) and select Hide.

Hiding a dashboard doesn't affect other users.

To check the availability of preset dashboards for each AWS service, see the list below.

AWS service

Preset dashboard

Amazon EC2 Auto Scaling (built-in)

AWS Lambda (built-in)

Amazon Application and Network Load Balancer (built-in)

Amazon DynamoDB (built-in)

Amazon EBS (built-in)

Amazon EC2 (built-in)

Amazon Elastic Load Balancer (ELB) (built-in)

Amazon RDS (built-in)

Amazon S3 (built-in)

AWS Certificate Manager Private Certificate Authority

All monitored Amazon services

Amazon API Gateway

AWS App Runner

Amazon AppStream

AWS AppSync

Amazon Athena

Amazon Aurora

Amazon EC2 Auto Scaling

AWS Billing

Amazon Keyspaces

AWS Chatbot

Amazon CloudFront

AWS CloudHSM

Amazon CloudSearch

AWS CodeBuild

Amazon Cognito

Amazon Connect

AWS DataSync

Amazon DynamoDB Accelerator (DAX)

AWS Database Migration Service (AWS DMS)

Amazon DocumentDB

AWS Direct Connect

Amazon DynamoDB

Amazon EBS

Amazon EC2 Spot Fleet

Amazon EC2 API

Amazon Elastic Container Service (ECS)

Amazon ECS Container Insights

Amazon Elastic File System (EFS)

Amazon Elastic Kubernetes Service (EKS)

Amazon ElastiCache (EC)

AWS Elastic Beanstalk

Amazon Elastic Inference

Amazon Elastic Transcoder

Amazon Elastic Map Reduce (EMR)

Amazon Elasticsearch Service (ES)

Amazon EventBridge

Amazon FSx

Amazon GameLift

AWS Glue

Amazon Inspector

AWS Internet of Things (IoT)

AWS IoT Things Graph

AWS IoT Analytics

Amazon Managed Streaming for Kafka

Amazon Kinesis Data Analytics

Amazon Data Firehose

Amazon Kinesis Data Streams

Amazon Kinesis Video Streams

AWS Lambda

Amazon Lex

Amazon CloudWatch Logs

AWS Elemental MediaTailor

AWS Elemental MediaConnect

AWS Elemental MediaConvert

AWS Elemental MediaPackage Live

AWS Elemental MediaPackage Video on Demand

Amazon MQ

Amazon VPC NAT Gateways

Amazon Neptune

AWS OpsWorks

Amazon Polly

Amazon QLDB

Amazon RDS

Amazon Redshift

Amazon Rekognition

AWS RoboMaker

Amazon Route 53

Amazon Route 53 Resolver

Amazon S3

Amazon SageMaker Batch Transform Jobs

Amazon SageMaker Endpoints

Amazon SageMaker Endpoint Instances

Amazon SageMaker Ground Truth

Amazon SageMaker Processing Jobs

Amazon SageMaker Training Jobs

AWS Service Catalog

Amazon Simple Email Service (SES)

Amazon Simple Notification Service (SNS)

Amazon Simple Queue Service (SQS)

AWS Systems Manager - Run Command

AWS Step Functions

AWS Storage Gateway

Amazon SWF

Amazon Textract

AWS Transfer Family

AWS Transit Gateway

Amazon Translate

AWS Trusted Advisor

AWS API Usage

AWS Site-to-Site VPN

AWS WAF Classic

AWS WAF

Amazon WorkMail

Amazon WorkSpaces

Available metrics

Name

Description

Unit

Statistics

Dimensions

Recommended

ActivitiesFailed

The number of failed activities

Count

Sum

Region, ActivityArn

ActivitiesHeartbeatTimedOut

The number of activities that time out due to a heartbeat timeout

Count

Sum

Region, ActivityArn

ActivitiesScheduled

The number of scheduled activities

Count

Sum

Region, ActivityArn

ActivitiesStarted

The number of started activities

Count

Sum

Region, ActivityArn

ActivitiesSucceeded

The number of successfully completed activities

Count

Sum

Region, ActivityArn

ActivitiesTimedOut

The number of activities that time out on close

Count

Sum

Region, ActivityArn

ActivityRunTime

The interval, in milliseconds, between the time the activity starts and the time it closes

Milliseconds

Multi

Region, ActivityArn

ActivityScheduleTime

The interval, in milliseconds, for which the activity stays in the schedule state

Milliseconds

Multi

Region, ActivityArn

ActivityTime

The interval, in milliseconds, between the time the activity is scheduled and the time it closes

Milliseconds

Multi

Region, ActivityArn

ConsumedCapacity

The count of requests per second

Count

Sum

Region, ServiceMetric

ConsumedCapacity

Count

Sum

Region, APIName

ExecutionThrottled

The number of StateEntered events and retries that have been throttled

Count

Sum

Region, StateMachineArn

ExecutionTime

The interval, in milliseconds, between the time the execution starts and the time it closes

Milliseconds

Multi

Region, StateMachineArn

ExecutionsAborted

The number of aborted or terminated executions

Count

Sum

Region, StateMachineArn

ExecutionsFailed

The number of failed executions

Count

Sum

Region, StateMachineArn

ExecutionsStarted

The number of started executions

Count

Sum

Region, StateMachineArn

ExecutionsSucceeded

The number of successfully completed executions

Count

Sum

Region, StateMachineArn

ExecutionsTimedOut

The number of executions that time out for any reason

Count

Sum

Region, StateMachineArn

LambdaFunctionRunTime

The interval, in milliseconds, between the time the Lambda function starts and the time it closes

Milliseconds

Multi

Region, LambdaFunctionArn

LambdaFunctionScheduleTime

The interval, in milliseconds, for which the Lambda function stays in the schedule state

Milliseconds

Multi

Region, LambdaFunctionArn

LambdaFunctionTime

The interval, in milliseconds, between the time the Lambda function is scheduled and the time it closes

Milliseconds

Multi

Region, LambdaFunctionArn

LambdaFunctionsFailed

The number of failed Lambda functions

Count

Sum

Region, LambdaFunctionArn

LambdaFunctionsScheduled

The number of scheduled Lambda functions

Count

Sum

Region, LambdaFunctionArn

LambdaFunctionsStarted

The number of started Lambda functions

Count

Sum

Region, LambdaFunctionArn

LambdaFunctionsSucceeded

The number of successfully completed Lambda functions

Count

Sum

Region, LambdaFunctionArn

LambdaFunctionsTimedOut

The number of Lambda functions that time out on close

Count

Sum

Region, LambdaFunctionArn

ProvisionedBucketSize

The count of available requests per second

Count

Multi

Region, ServiceMetric

ProvisionedBucketSize

Count

Multi

Region, APIName

ProvisionedRefillRate

The count of requests per second that are allowed into the bucket

Count

Multi

Region, ServiceMetric

ProvisionedRefillRate

Count

Multi

Region, APIName

ServiceIntegrationRunTime

The interval, in milliseconds, between the time the service task starts and the time it closes

Milliseconds

Multi