AWS Step Functions monitoring
- How-to guide
- 5-min read
- Published Jul 06, 2020
Dynatrace ingests metrics for multiple preselected namespaces, including AWS Step Functions. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.
Prerequisites
To enable monitoring for this service, you need
- ActiveGate version 1.197+
-
For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.
For role-based access in SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.
-
Dynatrace version 1.200+
-
An updated AWS monitoring policy to include the additional AWS services.
To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.
{"Version": "2012-10-17","Statement": [{"Sid": "VisualEditor0","Effect": "Allow","Action": ["acm-pca:ListCertificateAuthorities","apigateway:GET","apprunner:ListServices","appstream:DescribeFleets","appsync:ListGraphqlApis","athena:ListWorkGroups","autoscaling:DescribeAutoScalingGroups","cloudformation:ListStackResources","cloudfront:ListDistributions","cloudhsm:DescribeClusters","cloudsearch:DescribeDomains","cloudwatch:GetMetricData","cloudwatch:GetMetricStatistics","cloudwatch:ListMetrics","codebuild:ListProjects","datasync:ListTasks","dax:DescribeClusters","directconnect:DescribeConnections","dms:DescribeReplicationInstances","dynamodb:ListTables","dynamodb:ListTagsOfResource","ec2:DescribeAvailabilityZones","ec2:DescribeInstances","ec2:DescribeNatGateways","ec2:DescribeSpotFleetRequests","ec2:DescribeTransitGateways","ec2:DescribeVolumes","ec2:DescribeVpnConnections","ecs:ListClusters","eks:ListClusters","elasticache:DescribeCacheClusters","elasticbeanstalk:DescribeEnvironmentResources","elasticbeanstalk:DescribeEnvironments","elasticfilesystem:DescribeFileSystems","elasticloadbalancing:DescribeInstanceHealth","elasticloadbalancing:DescribeListeners","elasticloadbalancing:DescribeLoadBalancers","elasticloadbalancing:DescribeRules","elasticloadbalancing:DescribeTags","elasticloadbalancing:DescribeTargetHealth","elasticmapreduce:ListClusters","elastictranscoder:ListPipelines","es:ListDomainNames","events:ListEventBuses","firehose:ListDeliveryStreams","fsx:DescribeFileSystems","gamelift:ListFleets","glue:GetJobs","inspector:ListAssessmentTemplates","kafka:ListClusters","kinesis:ListStreams","kinesisanalytics:ListApplications","kinesisvideo:ListStreams","lambda:ListFunctions","lambda:ListTags","lex:GetBots","logs:DescribeLogGroups","mediaconnect:ListFlows","mediaconvert:DescribeEndpoints","mediapackage-vod:ListPackagingConfigurations","mediapackage:ListChannels","mediatailor:ListPlaybackConfigurations","opsworks:DescribeStacks","qldb:ListLedgers","rds:DescribeDBClusters","rds:DescribeDBInstances","rds:DescribeEvents","rds:ListTagsForResource","redshift:DescribeClusters","robomaker:ListSimulationJobs","route53:ListHostedZones","route53resolver:ListResolverEndpoints","s3:ListAllMyBuckets","sagemaker:ListEndpoints","sns:ListTopics","sqs:ListQueues","storagegateway:ListGateways","sts:GetCallerIdentity","swf:ListDomains","tag:GetResources","tag:GetTagKeys","transfer:ListServers","workmail:ListOrganizations","workspaces:DescribeWorkspaces"],"Resource": "*"}]}
If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.
Permissions required for AWS monitoring integration:
"cloudwatch:GetMetricData""cloudwatch:GetMetricStatistics""cloudwatch:ListMetrics""sts:GetCallerIdentity""tag:GetResources""tag:GetTagKeys""ec2:DescribeAvailabilityZones"
| Name | Permissions |
|---|---|
| All monitored Amazon services required | cloudwatch:GetMetricData,cloudwatch:GetMetricStatistics,cloudwatch:ListMetrics,sts:GetCallerIdentity,tag:GetResources,tag:GetTagKeys,ec2:DescribeAvailabilityZones |
| AWS Certificate Manager Private Certificate Authority | acm-pca:ListCertificateAuthorities |
| Amazon MQ | |
| Amazon API Gateway | apigateway:GET |
| AWS App Runner | apprunner:ListServices |
| Amazon AppStream | appstream:DescribeFleets |
| AWS AppSync | appsync:ListGraphqlApis |
| Amazon Athena | athena:ListWorkGroups |
| Amazon Aurora | rds:DescribeDBClusters |
| Amazon EC2 Auto Scaling | autoscaling:DescribeAutoScalingGroups |
| Amazon EC2 Auto Scaling (built-in) | autoscaling:DescribeAutoScalingGroups |
| AWS Billing | |
| Amazon Keyspaces | |
| AWS Chatbot | |
| Amazon CloudFront | cloudfront:ListDistributions |
| AWS CloudHSM | cloudhsm:DescribeClusters |
| Amazon CloudSearch | cloudsearch:DescribeDomains |
| AWS CodeBuild | codebuild:ListProjects |
| Amazon Cognito | |
| Amazon Connect | |
| Amazon Elastic Kubernetes Service (EKS) | eks:ListClusters |
| AWS DataSync | datasync:ListTasks |
| Amazon DynamoDB Accelerator (DAX) | dax:DescribeClusters |
| AWS Database Migration Service (AWS DMS) | dms:DescribeReplicationInstances |
| Amazon DocumentDB | rds:DescribeDBClusters |
| AWS Direct Connect | directconnect:DescribeConnections |
| Amazon DynamoDB | dynamodb:ListTables |
| Amazon DynamoDB (built-in) | dynamodb:ListTables,dynamodb:ListTagsOfResource |
| Amazon EBS | ec2:DescribeVolumes |
| Amazon EBS (built-in) | ec2:DescribeVolumes |
| Amazon EC2 API | |
| Amazon EC2 (built-in) | ec2:DescribeInstances |
| Amazon EC2 Spot Fleet | ec2:DescribeSpotFleetRequests |
| Amazon Elastic Container Service (ECS) | ecs:ListClusters |
| Amazon ECS Container Insights | ecs:ListClusters |
| Amazon ElastiCache (EC) | elasticache:DescribeCacheClusters |
| AWS Elastic Beanstalk | elasticbeanstalk:DescribeEnvironments |
| Amazon Elastic File System (EFS) | elasticfilesystem:DescribeFileSystems |
| Amazon Elastic Inference | |
| Amazon Elastic Map Reduce (EMR) | elasticmapreduce:ListClusters |
| Amazon Elasticsearch Service (ES) | es:ListDomainNames |
| Amazon Elastic Transcoder | elastictranscoder:ListPipelines |
| Amazon Elastic Load Balancer (ELB) (built-in) | elasticloadbalancing:DescribeInstanceHealth,elasticloadbalancing:DescribeListeners,elasticloadbalancing:DescribeLoadBalancers,elasticloadbalancing:DescribeRules,elasticloadbalancing:DescribeTags,elasticloadbalancing:DescribeTargetHealth |
| Amazon EventBridge | events:ListEventBuses |
| Amazon FSx | fsx:DescribeFileSystems |
| Amazon GameLift | gamelift:ListFleets |
| AWS Glue | glue:GetJobs |
| Amazon Inspector | inspector:ListAssessmentTemplates |
| AWS Internet of Things (IoT) | |
| AWS IoT Analytics | |
| Amazon Managed Streaming for Kafka | kafka:ListClusters |
| Amazon Kinesis Data Analytics | kinesisanalytics:ListApplications |
| Amazon Data Firehose | firehose:ListDeliveryStreams |
| Amazon Kinesis Data Streams | kinesis:ListStreams |
| Amazon Kinesis Video Streams | kinesisvideo:ListStreams |
| AWS Lambda | lambda:ListFunctions |
| AWS Lambda (built-in) | lambda:ListFunctions,lambda:ListTags |
| Amazon Lex | lex:GetBots |
| Amazon Application and Network Load Balancer (built-in) | elasticloadbalancing:DescribeInstanceHealth,elasticloadbalancing:DescribeListeners,elasticloadbalancing:DescribeLoadBalancers,elasticloadbalancing:DescribeRules,elasticloadbalancing:DescribeTags,elasticloadbalancing:DescribeTargetHealth |
| Amazon CloudWatch Logs | logs:DescribeLogGroups |
| AWS Elemental MediaConnect | mediaconnect:ListFlows |
| AWS Elemental MediaConvert | mediaconvert:DescribeEndpoints |
| AWS Elemental MediaPackage Live | mediapackage:ListChannels |
| AWS Elemental MediaPackage Video on Demand | mediapackage-vod:ListPackagingConfigurations |
| AWS Elemental MediaTailor | mediatailor:ListPlaybackConfigurations |
| Amazon VPC NAT Gateways | ec2:DescribeNatGateways |
| Amazon Neptune | rds:DescribeDBClusters |
| AWS OpsWorks | opsworks:DescribeStacks |
| Amazon Polly | |
| Amazon QLDB | qldb:ListLedgers |
| Amazon RDS | rds:DescribeDBInstances |
| Amazon RDS (built-in) | rds:DescribeDBInstances,rds:DescribeEvents,rds:ListTagsForResource |
| Amazon Redshift | redshift:DescribeClusters |
| Amazon Rekognition | |
| AWS RoboMaker | robomaker:ListSimulationJobs |
| Amazon Route 53 | route53:ListHostedZones |
| Amazon Route 53 Resolver | route53resolver:ListResolverEndpoints |
| Amazon S3 | s3:ListAllMyBuckets |
| Amazon S3 (built-in) | s3:ListAllMyBuckets |
| Amazon SageMaker Batch Transform Jobs | |
| Amazon SageMaker Endpoint Instances | sagemaker:ListEndpoints |
| Amazon SageMaker Endpoints | sagemaker:ListEndpoints |
| Amazon SageMaker Ground Truth | |
| Amazon SageMaker Processing Jobs | |
| Amazon SageMaker Training Jobs | |
| AWS Service Catalog | |
| Amazon Simple Email Service (SES) | |
| Amazon Simple Notification Service (SNS) | sns:ListTopics |
| Amazon Simple Queue Service (SQS) | sqs:ListQueues |
| AWS Systems Manager - Run Command | |
| AWS Step Functions | |
| AWS Storage Gateway | storagegateway:ListGateways |
| Amazon SWF | swf:ListDomains |
| Amazon Textract | |
| AWS IoT Things Graph | |
| AWS Transfer Family | transfer:ListServers |
| AWS Transit Gateway | ec2:DescribeTransitGateways |
| Amazon Translate | |
| AWS Trusted Advisor | |
| AWS API Usage | |
| AWS Site-to-Site VPN | ec2:DescribeVpnConnections |
| AWS WAF Classic | |
| AWS WAF | |
| Amazon WorkMail | workmail:ListOrganizations |
| Amazon WorkSpaces | workspaces:DescribeWorkspaces |
Example of JSON policy for one single service.
{"Version": "2012-10-17","Statement": [{"Sid": "VisualEditor0","Effect": "Allow","Action": ["apigateway:GET","cloudwatch:GetMetricData","cloudwatch:GetMetricStatistics","cloudwatch:ListMetrics","sts:GetCallerIdentity","tag:GetResources","tag:GetTagKeys","ec2:DescribeAvailabilityZones"],"Resource": "*"}]}
In this example, from the complete list of permissions you need to select
"apigateway:GET"for Amazon API Gateway"cloudwatch:GetMetricData","cloudwatch:GetMetricStatistics","cloudwatch:ListMetrics","sts:GetCallerIdentity","tag:GetResources","tag:GetTagKeys", and"ec2:DescribeAvailabilityZones"for All AWS cloud services.
Enable monitoring
To learn how to enable service monitoring, see Enable service monitoring.
View service metrics
You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.
View metrics on the custom device overview page
To access the custom device overview page
- Go to Technologies & Processes Classic.
- Filter by service name and select the relevant custom device group.
- Once you select the custom device group, you're on the custom device group overview page.
- The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.
View metrics on your dashboard
After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.
For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.
You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (…) and select Clone.
To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (…) and select Hide.
Hiding a dashboard doesn't affect other users.
To check the availability of preset dashboards for each AWS service, see the list below.
| AWS service | Preset dashboard |
|---|---|
| Amazon EC2 Auto Scaling (built-in) |  |
| AWS Lambda (built-in) | |
| Amazon Application and Network Load Balancer (built-in) | |
| Amazon DynamoDB (built-in) | |
| Amazon EBS (built-in) | |
| Amazon EC2 (built-in) | |
| Amazon Elastic Load Balancer (ELB) (built-in) | |
| Amazon RDS (built-in) | |
| Amazon S3 (built-in) | |
| AWS Certificate Manager Private Certificate Authority | |
| All monitored Amazon services | |
| Amazon API Gateway | |
| AWS App Runner | |
| Amazon AppStream |  |
| AWS AppSync | |
| Amazon Athena | |
| Amazon Aurora | |
| Amazon EC2 Auto Scaling | |
| AWS Billing | |
| Amazon Keyspaces | |
| AWS Chatbot | |
| Amazon CloudFront | |
| AWS CloudHSM | |
| Amazon CloudSearch | |
| AWS CodeBuild | |
| Amazon Cognito | |
| Amazon Connect | |
| AWS DataSync | |
| Amazon DynamoDB Accelerator (DAX) | |
| AWS Database Migration Service (AWS DMS) | |
| Amazon DocumentDB | |
| AWS Direct Connect | |
| Amazon DynamoDB | |
| Amazon EBS | |
| Amazon EC2 Spot Fleet | |
| Amazon EC2 API | |
| Amazon Elastic Container Service (ECS) | |
| Amazon ECS Container Insights | |
| Amazon Elastic File System (EFS) | |
| Amazon Elastic Kubernetes Service (EKS) | |
| Amazon ElastiCache (EC) | |
| AWS Elastic Beanstalk | |
| Amazon Elastic Inference | |
| Amazon Elastic Transcoder | |
| Amazon Elastic Map Reduce (EMR) | |
| Amazon Elasticsearch Service (ES) | |
| Amazon EventBridge | |
| Amazon FSx | |
| Amazon GameLift | |
| AWS Glue | |
| Amazon Inspector | |
| AWS Internet of Things (IoT) | |
| AWS IoT Things Graph | |
| AWS IoT Analytics | |
| Amazon Managed Streaming for Kafka | |
| Amazon Kinesis Data Analytics | |
| Amazon Data Firehose | |
| Amazon Kinesis Data Streams | |
| Amazon Kinesis Video Streams | |
| AWS Lambda | |
| Amazon Lex | |
| Amazon CloudWatch Logs | |
| AWS Elemental MediaTailor | |
| AWS Elemental MediaConnect | |
| AWS Elemental MediaConvert | |
| AWS Elemental MediaPackage Live | |
| AWS Elemental MediaPackage Video on Demand | |
| Amazon MQ | |
| Amazon VPC NAT Gateways | |
| Amazon Neptune | |
| AWS OpsWorks | |
| Amazon Polly | |
| Amazon QLDB | |
| Amazon RDS | |
| Amazon Redshift | |
| Amazon Rekognition | |
| AWS RoboMaker | |
| Amazon Route 53 | |
| Amazon Route 53 Resolver | |
| Amazon S3 | |
| Amazon SageMaker Batch Transform Jobs | |
| Amazon SageMaker Endpoints | |
| Amazon SageMaker Endpoint Instances | |
| Amazon SageMaker Ground Truth | |
| Amazon SageMaker Processing Jobs | |
| Amazon SageMaker Training Jobs | |
| AWS Service Catalog | |
| Amazon Simple Email Service (SES) | |
| Amazon Simple Notification Service (SNS) | |
| Amazon Simple Queue Service (SQS) | |
| AWS Systems Manager - Run Command | |
| AWS Step Functions | |
| AWS Storage Gateway | |
| Amazon SWF | |
| Amazon Textract | |
| AWS Transfer Family | |
| AWS Transit Gateway | |
| Amazon Translate | |
| AWS Trusted Advisor | |
| AWS API Usage | |
| AWS Site-to-Site VPN | |
| AWS WAF Classic | |
| AWS WAF | |
| Amazon WorkMail | |
| Amazon WorkSpaces | |
Available metrics
| Name | Description | Unit | Statistics | Dimensions | Recommended |
|---|---|---|---|---|---|
| ActivitiesFailed | The number of failed activities | Count | Sum | Region, ActivityArn | |
| ActivitiesHeartbeatTimedOut | The number of activities that time out due to a heartbeat timeout | Count | Sum | Region, ActivityArn | |
| ActivitiesScheduled | The number of scheduled activities | Count | Sum | Region, ActivityArn | |
| ActivitiesStarted | The number of started activities | Count | Sum | Region, ActivityArn | |
| ActivitiesSucceeded | The number of successfully completed activities | Count | Sum | Region, ActivityArn | |
| ActivitiesTimedOut | The number of activities that time out on close | Count | Sum | Region, ActivityArn | |
| ActivityRunTime | The interval, in milliseconds, between the time the activity starts and the time it closes | Milliseconds | Multi | Region, ActivityArn | |
| ActivityScheduleTime | The interval, in milliseconds, for which the activity stays in the schedule state | Milliseconds | Multi | Region, ActivityArn | |
| ActivityTime | The interval, in milliseconds, between the time the activity is scheduled and the time it closes | Milliseconds | Multi | Region, ActivityArn | |
| ConsumedCapacity | The count of requests per second | Count | Sum | Region, ServiceMetric | |
| ConsumedCapacity | Count | Sum | Region, APIName | | |
| ExecutionThrottled | The number of StateEntered events and retries that have been throttled | Count | Sum | Region, StateMachineArn | |
| ExecutionTime | The interval, in milliseconds, between the time the execution starts and the time it closes | Milliseconds | Multi | Region, StateMachineArn | |
| ExecutionsAborted | The number of aborted or terminated executions | Count | Sum | Region, StateMachineArn | |
| ExecutionsFailed | The number of failed executions | Count | Sum | Region, StateMachineArn | |
| ExecutionsStarted | The number of started executions | Count | Sum | Region, StateMachineArn | |
| ExecutionsSucceeded | The number of successfully completed executions | Count | Sum | Region, StateMachineArn | |
| ExecutionsTimedOut | The number of executions that time out for any reason | Count | Sum | Region, StateMachineArn | |
| LambdaFunctionRunTime | The interval, in milliseconds, between the time the Lambda function starts and the time it closes | Milliseconds | Multi | Region, LambdaFunctionArn | |
| LambdaFunctionScheduleTime | The interval, in milliseconds, for which the Lambda function stays in the schedule state | Milliseconds | Multi | Region, LambdaFunctionArn | |
| LambdaFunctionTime | The interval, in milliseconds, between the time the Lambda function is scheduled and the time it closes | Milliseconds | Multi | Region, LambdaFunctionArn | |
| LambdaFunctionsFailed | The number of failed Lambda functions | Count | Sum | Region, LambdaFunctionArn | |
| LambdaFunctionsScheduled | The number of scheduled Lambda functions | Count | Sum | Region, LambdaFunctionArn | |
| LambdaFunctionsStarted | The number of started Lambda functions | Count | Sum | Region, LambdaFunctionArn | |
| LambdaFunctionsSucceeded | The number of successfully completed Lambda functions | Count | Sum | Region, LambdaFunctionArn | |
| LambdaFunctionsTimedOut | The number of Lambda functions that time out on close | Count | Sum | Region, LambdaFunctionArn | |
| ProvisionedBucketSize | The count of available requests per second | Count | Multi | Region, ServiceMetric | |
| ProvisionedBucketSize | Count | Multi | Region, APIName | ||
| ProvisionedRefillRate | The count of requests per second that are allowed into the bucket | Count | Multi | Region, ServiceMetric | |
| ProvisionedRefillRate | Count | Multi | Region, APIName | ||
| ServiceIntegrationRunTime | The interval, in milliseconds, between the time the service task starts and the time it closes | Milliseconds | Multi | Region, ServiceIntegrationResourceArn | |
| ServiceIntegrationScheduleTime | The interval, in milliseconds, for which the service task stays in the schedule state | Milliseconds | Multi | Region, ServiceIntegrationResourceArn | |
| ServiceIntegrationTime | The interval, in milliseconds, between the time the service task is scheduled and the time it closes | Milliseconds | Multi | Region, ServiceIntegrationResourceArn | |
| ServiceIntegrationsFailed | The number of failed service tasks | Count | Sum | Region, ServiceIntegrationResourceArn | |
| ServiceIntegrationsScheduled | The number of scheduled service tasks. | Count | Sum | Region, ServiceIntegrationResourceArn | |
| ServiceIntegrationsStarted | The number of started service tasks | Count | Sum | Region, ServiceIntegrationResourceArn | |
| ServiceIntegrationsSucceeded | The number of successfully completed service tasks | Count | Sum | Region, ServiceIntegrationResourceArn | |
| ServiceIntegrationsTimedOut | The number of service tasks that time out on close | Count | Sum | Region, ServiceIntegrationResourceArn | |
| ThrottledEvents | The count of requests that have been throttled | Count | Sum | Region, ServiceMetric | |
| ThrottledEvents | Count | Sum | Region, APIName | |
Limitations
Dynatrace gathers metrics for AWS Step Functions at the custom device group level instead of the custom device level (metrics are service-wide).
Related tags
Infrastructure Observability