Manage your AWS connections
- Latest Dynatrace
- How-to guide
- Published Aug 29, 2025
- Preview
Manage an existing AWS connection
Once you have successfully onboarded your AWS environments, it becomes a healthy AWS connection.
During Preview, the connection status only reflects the time the connection was onboarded.
The AWS connections table in 
Settings > Cloud and virtualization > AWS (Preview) is your cockpit for managing all the AWS connections.
The Filter all columns field allows you to swiftly filter connections. For example, enter Healthy and it will retrieve all connections in Healthy status.
Select a connection to explore it further by accessing the details window with the Overview and Health tabs.
Overview tab
During initial stages of the Preview, the Overview tab charts are sample charts and depict sample data-points.
The Overview tab allows you to explore the following:
- Telemetry Signals charts that showcase the status of signal ingest over time. (Simple Count) For example, you’ve just enabled new AWS services for metric ingest, so the expected result should be an increase in the metrics count over the last hour.
- The AWS connection metadata in the form of a "properties" field-based table. It also allows you to rename the connection name to meet naming convention policies.
- This overview is a gateway to fully manage the connection’s monitoring configuration.
Customize your monitoring settings
To customize your monitoring settings, select Manage in the upper-right corner of the overview window. Your current settings depend on your onboarding path. In this window, you can customize the supported settings to reach your desired state:
- CloudWatch metrics: Use this section to enable/disable Native AWS services and set their metric collection sets.
- Enabling services will schedule our metric poller to fetch CloudWatch metrics (at 5-minute intervals).
- Monitored Regions are used to enable metric polling only for regions you choose to poll from.
During the preview, CloudWatch metrics ingest is considered a core signal which cannot be disabled.
It is mandatory to enable us-east-1 region regardless of your desired monitored regions. The topology service polls for global AWS resources which only reside on us-east-1.
- CloudWatch Logs (ingested via Amazon Data Firehose): Changes to push-based logs signal can only be made by updating the primary CloudFormation stack in the AWS Console.
- AWS tag enrichment: Use this section to set AWS tags (only key names) that will be used to enrich supported signals such as CloudWatch metrics. Tag (key + value) length cannot exceed 23 characters and must adhere to these allowed characters:
^[a-zA-Z0-9_.: -/]*$.Tag enrichment changes can take up to 15 minutes to propagate. Tag enrichment will not work if the signal is not able to be linked to an entity. Consider the propogation times when using tags for business/operational/governance use cases.
- Dynatrace attribute enrichment: This feature unlocks advanced platform (current and future) upstream use cases. It allows the enriching of signals with well-known Dynatrace attributes that will support use cases such as fine-grained permissions.
In addition to literal values (custom arbitrary user label), the integration supports the setting of an AWS tag key name, which will resolve to the tag value at runtime.
Those capabilities are powered by Primary Grail Tags.When setting an AWS tag, changes can take up to 15 minutes to propagate.
Health tab
During Preview, the Health tab contains only visual designs with sample data.
Select a connection to access the details window and switch to the Health tab.
Connection status types
The connection Health tab provides a quick view on the connection health status. The purpose of this tab is to allow rapid troubleshooting for connection service interruptions. There are several connection status types:
Pending: During onboarding, the connection will be in thePendingstatus.Pendingmeans that the connection awaits an acknowledgment from the CloudFormation deployment. The ACK can mark the connection as eitherHealthyorUnhealthy.Healthy: This status reflects that the Dynatrace SaaS platform was able to successfully assume the AWS IAM role inside the connection’s AWS account. It does not necessarily mean that signals are successfully polled/pushed/ingested.Unhealthy: This status reflects that the Dynatrace SaaS platform was/is unable to successfully assume the AWS IAM role inside the connection’s AWS account. This status means that the connection is not functioning correctly.Push-based telemetry (Firehose Logs, EventBridge Events) might still work in this case, as they do not depend on AWS IAM permission.
Inactive: This is a user-generated status; connections can be disabled by the user. When a connection transitions toInactivestatus, all poll-based signals ingest is suspended. It is not possible to change any monitoring settings or gauge the currentHealthstatus of a connection while in this status.Push-based signals may still work in this case, as they do not depend on AWS IAM permission.
During Preview, only onboarding time Pending, Healthy connection statuses are supported.
AWS IAM authentication and authorization
A Healthy connection is defined as a success to assume the connection’s Monitoring IAM role.
When transitioning to Unhealthy status, the errors are shown on the relevant IAM chart and log error events to the connection’s log section.
At times, the monitoring AWS IAM role may drift from our latest policy permission list. We have designed the integration to show #Warning on the relevant IAM chart and log a Warning event to the connection’s log section. Missing IAM policy permissions do not impact the connection status, but will impact functionality.
Delete a connection
Connections might need to be deleted and/or re-created.
To completely delete a connection:
In the AWS Console
- Log in to your AWS CloudFormation Console and identify the main deployed stack—this can be done with filtering the stack using the connection name (the connection name will be the primary stack name).
- Make sure that you only delete the main stack (
MyEastProd3Accountin our example); the linked nested stacks should be deleted automatically. At times, you may need to "hard" delete; follow the AWS recommendations.
In Dynatrace 
Fleet Management
- Go to Settings > Cloud and virtualization > AWS (Preview) to access all the AWS connections.
- Find and select the connection action menu on the right .
- Select Delete.
During Preview, you might be asked to re-create your connection.
Disable a connection
You might face use cases that require disabling a connection:
- Sudden API throttling due to multiple AWS API consumers
- Sudden rise in signals ingest count that cannot be attributed to configuration changes
- Request from a Dynatrace support specialist, for troubleshooting purposes
- Suspend the connection due to maintenance work on the AWS account
If you disable a connection, its status will change into Inactive.
A disabled connection in Inactive status does not delete existing data points or any configurations. It only suspends the connection.
To resume the suspended connection
- Go to Settings > Cloud and virtualization > AWS (Preview) to access all the AWS connections.
- Find and select the connection action menu on the right.
- Select Enable.
The enabled connection will change from Inactive to either Healthy or Unhealthy.
Paths and customizations
: Auto-enabled (not possible to disable/configure)
: Fully customizable
Topology is core auto-enabled signal in all paths; it's not possible to disable it.
The Recommended path auto-enables signals with customizations possible after a successful onboarding.
The Advanced path allows you to customize most of the signals as well as monitoring settings while onboarding.
In connection management, it's possible to customize all supported monitoring settings features.
Limitations
- For now, the Health tab contains only visual designs and example data.
- For now, only
PendingandHealthystatuses are supported; the support is only during onboarding.