Dynatrace ingests metrics for multiple preselected namespaces, including Amazon EC2. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.
To enable monitoring for this service, you need:
Any version of ActiveGate in both Dynatrace SaaS and Managed deployments.
An updated AWS monitoring policy to include the additional AWS services.
To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all cloud services.
{"Version": "2012-10-17","Statement": [{"Sid": "VisualEditor0","Effect": "Allow","Action": ["acm-pca:ListCertificateAuthorities","apigateway:GET","apprunner:ListServices","appstream:DescribeFleets","appsync:ListGraphqlApis","athena:ListWorkGroups","autoscaling:DescribeAutoScalingGroups","cloudformation:ListStackResources","cloudfront:ListDistributions","cloudhsm:DescribeClusters","cloudsearch:DescribeDomains","cloudwatch:GetMetricData","cloudwatch:GetMetricStatistics","cloudwatch:ListMetrics","codebuild:ListProjects","datasync:ListTasks","dax:DescribeClusters","directconnect:DescribeConnections","dms:DescribeReplicationInstances","dynamodb:ListTables","dynamodb:ListTagsOfResource","ec2:DescribeAvailabilityZones","ec2:DescribeInstances","ec2:DescribeNatGateways","ec2:DescribeSpotFleetRequests","ec2:DescribeTransitGateways","ec2:DescribeVolumes","ec2:DescribeVpnConnections","ecs:ListClusters","eks:ListClusters","elasticache:DescribeCacheClusters","elasticbeanstalk:DescribeEnvironmentResources","elasticbeanstalk:DescribeEnvironments","elasticfilesystem:DescribeFileSystems","elasticloadbalancing:DescribeInstanceHealth","elasticloadbalancing:DescribeListeners","elasticloadbalancing:DescribeLoadBalancers","elasticloadbalancing:DescribeRules","elasticloadbalancing:DescribeTags","elasticloadbalancing:DescribeTargetHealth","elasticmapreduce:ListClusters","elastictranscoder:ListPipelines","es:ListDomainNames","events:ListEventBuses","firehose:ListDeliveryStreams","fsx:DescribeFileSystems","gamelift:ListFleets","glue:GetJobs","inspector:ListAssessmentTemplates","kafka:ListClusters","kinesis:ListStreams","kinesisanalytics:ListApplications","kinesisvideo:ListStreams","lambda:ListFunctions","lambda:ListTags","lex:GetBots","logs:DescribeLogGroups","mediaconnect:ListFlows","mediaconvert:DescribeEndpoints","mediapackage-vod:ListPackagingConfigurations","mediapackage:ListChannels","mediatailor:ListPlaybackConfigurations","opsworks:DescribeStacks","qldb:ListLedgers","rds:DescribeDBClusters","rds:DescribeDBInstances","rds:DescribeEvents","rds:ListTagsForResource","redshift:DescribeClusters","robomaker:ListSimulationJobs","route53:ListHostedZones","route53resolver:ListResolverEndpoints","s3:ListAllMyBuckets","sagemaker:ListEndpoints","sns:ListTopics","sqs:ListQueues","storagegateway:ListGateways","sts:GetCallerIdentity","swf:ListDomains","tag:GetResources","tag:GetTagKeys","transfer:ListServers","workmail:ListOrganizations","workspaces:DescribeWorkspaces"],"Resource": "*"}]}
If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each cloud service, a list of optional permissions specific to that service.
"cloudwatch:GetMetricData"
"cloudwatch:GetMetricStatistics"
"cloudwatch:ListMetrics"
"sts:GetCallerIdentity"
"tag:GetResources"
"tag:GetTagKeys"
"ec2:DescribeAvailabilityZones"
cloudwatch:GetMetricData
,cloudwatch:GetMetricStatistics
,cloudwatch:ListMetrics
,sts:GetCallerIdentity
,tag:GetResources
,tag:GetTagKeys
,ec2:DescribeAvailabilityZones
acm-pca:ListCertificateAuthorities
apigateway:GET
apprunner:ListServices
appstream:DescribeFleets
appsync:ListGraphqlApis
athena:ListWorkGroups
rds:DescribeDBClusters
autoscaling:DescribeAutoScalingGroups
autoscaling:DescribeAutoScalingGroups
cloudfront:ListDistributions
cloudhsm:DescribeClusters
cloudsearch:DescribeDomains
codebuild:ListProjects
eks:ListClusters
datasync:ListTasks
dax:DescribeClusters
dms:DescribeReplicationInstances
rds:DescribeDBClusters
directconnect:DescribeConnections
dynamodb:ListTables
dynamodb:ListTables
,dynamodb:ListTagsOfResource
ec2:DescribeVolumes
ec2:DescribeVolumes
ec2:DescribeInstances
ec2:DescribeSpotFleetRequests
ecs:ListClusters
ecs:ListClusters
elasticache:DescribeCacheClusters
elasticbeanstalk:DescribeEnvironments
elasticfilesystem:DescribeFileSystems
elasticmapreduce:ListClusters
es:ListDomainNames
elastictranscoder:ListPipelines
elasticloadbalancing:DescribeInstanceHealth
,elasticloadbalancing:DescribeListeners
,elasticloadbalancing:DescribeLoadBalancers
,elasticloadbalancing:DescribeRules
,elasticloadbalancing:DescribeTags
,elasticloadbalancing:DescribeTargetHealth
events:ListEventBuses
fsx:DescribeFileSystems
gamelift:ListFleets
glue:GetJobs
inspector:ListAssessmentTemplates
kafka:ListClusters
kinesisanalytics:ListApplications
firehose:ListDeliveryStreams
kinesis:ListStreams
kinesisvideo:ListStreams
lambda:ListFunctions
lambda:ListFunctions
,lambda:ListTags
lex:GetBots
elasticloadbalancing:DescribeInstanceHealth
,elasticloadbalancing:DescribeListeners
,elasticloadbalancing:DescribeLoadBalancers
,elasticloadbalancing:DescribeRules
,elasticloadbalancing:DescribeTags
,elasticloadbalancing:DescribeTargetHealth
logs:DescribeLogGroups
mediaconnect:ListFlows
mediaconvert:DescribeEndpoints
mediapackage:ListChannels
mediapackage-vod:ListPackagingConfigurations
mediatailor:ListPlaybackConfigurations
ec2:DescribeNatGateways
rds:DescribeDBClusters
opsworks:DescribeStacks
qldb:ListLedgers
rds:DescribeDBInstances
rds:DescribeDBInstances
,rds:DescribeEvents
,rds:ListTagsForResource
redshift:DescribeClusters
robomaker:ListSimulationJobs
route53:ListHostedZones
route53resolver:ListResolverEndpoints
s3:ListAllMyBuckets
s3:ListAllMyBuckets
sagemaker:ListEndpoints
sagemaker:ListEndpoints
sns:ListTopics
sqs:ListQueues
storagegateway:ListGateways
swf:ListDomains
transfer:ListServers
ec2:DescribeTransitGateways
ec2:DescribeVpnConnections
workmail:ListOrganizations
workspaces:DescribeWorkspaces
Example of JSON policy for one single service.
{"Version": "2012-10-17","Statement": [{"Sid": "VisualEditor0","Effect": "Allow","Action": ["apigateway:GET","cloudwatch:GetMetricData","cloudwatch:GetMetricStatistics","cloudwatch:ListMetrics","sts:GetCallerIdentity","tag:GetResources","tag:GetTagKeys","ec2:DescribeAvailabilityZones"],"Resource": "*"}]}
In this example, from the complete list of permissions you need to select
"apigateway:GET"
for Amazon API Gateway
"cloudwatch:GetMetricData"
, "cloudwatch:GetMetricStatistics"
, "cloudwatch:ListMetrics"
, "sts:GetCallerIdentity"
, "tag:GetResources"
, "tag:GetTagKeys"
, and "ec2:DescribeAvailabilityZones"
for All AWS cloud services.
To disable monitoring of built-in services, you need Environment ActiveGate version 1.245+ and Dynatrace version 1.247+.
autoscaling.<REGION>.amazonaws.com
lambda.<REGION>.amazonaws.com
elasticloadbalancing.<REGION>.amazonaws.com
dynamodb.<REGION>.amazonaws.com
ec2.<REGION>.amazonaws.com
rds.<REGION>.amazonaws.com
s3.<REGION>.amazonaws.com
acm-pca.<REGION>.amazonaws.com
apigateway.<REGION>.amazonaws.com
apprunner.<REGION>.amazonaws.com
appstream2.<REGION>.amazonaws.com
appsync.<REGION>.amazonaws.com
athena.<REGION>.amazonaws.com
cloudfront.amazonaws.com
cloudhsmv2.<REGION>.amazonaws.com
cloudsearch.<REGION>.amazonaws.com
codebuild.<REGION>.amazonaws.com
datasync.<REGION>.amazonaws.com
dax.<REGION>.amazonaws.com
dms.<REGION>.amazonaws.com
directconnect.<REGION>.amazonaws.com
ecs.<REGION>.amazonaws.com
elasticfilesystem.<REGION>.amazonaws.com
eks.<REGION>.amazonaws.com
elasticache.<REGION>.amazonaws.com
elasticbeanstalk.<REGION>.amazonaws.com
elastictranscoder.<REGION>.amazonaws.com
es.<REGION>.amazonaws.com
events.<REGION>.amazonaws.com
fsx.<REGION>.amazonaws.com
gamelift.<REGION>.amazonaws.com
glue.<REGION>.amazonaws.com
inspector.<REGION>.amazonaws.com
kafka.<REGION>.amazonaws.com
models.lex.<REGION>.amazonaws.com
logs.<REGION>.amazonaws.com
api.mediatailor.<REGION>.amazonaws.com
mediaconnect.<REGION>.amazonaws.com
mediapackage.<REGION>.amazonaws.com
mediapackage-vod.<REGION>.amazonaws.com
opsworks.<REGION>.amazonaws.com
qldb.<REGION>.amazonaws.com
redshift.<REGION>.amazonaws.com
robomaker.<REGION>.amazonaws.com
route53.amazonaws.com
route53resolver.<REGION>.amazonaws.com
api.sagemaker.<REGION>.amazonaws.com
sns.<REGION>.amazonaws.com
sqs.<REGION>.amazonaws.com
storagegateway.<REGION>.amazonaws.com
swf.<REGION>.amazonaws.com
transfer.<REGION>.amazonaws.com
workmail.<REGION>.amazonaws.com
workspaces.<REGION>.amazonaws.com
To learn how to enable service monitoring, see Enable service monitoring.
You can view the service metrics in your Dynatrace environment either on the AWS account page or on your Dashboards page.
To view metrics on the AWS account page
You can also create your own dashboard. For more information on how to create dashboards, go to Create and edit Dynatrace dashboards
This is a built-in service. It's monitored out-of-the-box once a new AWS integration instance is created. For built-in services, all metrics are recommended (changing configuration is not possible).
Example of AWS built-in monitoring service
InstanceId
is the main dimension.
EC2 CPU usage %
EC2 instance storage read IOPS
EC2 instance storage read rate
EC2 instance storage write IOPS
EC2 instance storage write rate
EC2 network data received rate
EC2 network data transmitted rate
Number of running EC2 instances (AZ)
Number of stopped EC2 instances (AZ)
Number of terminated EC2 instances (AZ)