The Dynatrace REST API enables you to create, update, retrieve, and delete both AWS connections and their associated monitoring configurations.
An AWS connection is the foundational link between Dynatrace and your AWS account, using a dedicated AWS IAM monitoring role for authentication and authorization. Each connection is paired one-to-one with a monitoring configuration—the blueprint that governs all monitoring behavior for that account, such as which AWS services to poll for metrics and which regions to target.
Once an AWS connection is in place, you can use the REST API to fully manage its linked monitoring configuration.
Recommended To delete an AWS connection, delete its associated monitoring configuration. This automatically triggers the removal of the underlying connection in the background.
To learn how to create an AWS connection via the REST API, see Create AWS connection via API.
This action is immediate and irreversible. Deleting a monitoring configuration will cause telemetry polling downtime and automatically remove its mapped AWS connection.
We recommend thorough testing of any automation scripts before running them in production—particularly scripts that iterate over and delete multiple monitoring configurations and their associated AWS connections.
Prepare this command:
curl -s -X GET \"https://${your_environment_url}/platform/extensions/v2/extensions/com.dynatrace.extension.da-aws/monitoring-configurations" \-H "Accept: application/json" \-H "Authorization: Bearer ${your_bearer_token}"
Replace the following placeholders with your values and then run the command:
${your_environment_url}: Your full Dynatrace environment URL, for example, xyz12345.apps.dynatrace.com.
${your_bearer_token}: Set the platform settings token you have created as part of the prerequisites.
The response should look similar to this:
{"items": [{"objectId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx","scope": "integration-aws","value": {"enabled": true,"description": "test-aws-monitoring-east",........."objectId": "yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyy","scope": "integration-aws","value": {"enabled": true,"description": "prod-aws-monitoring-east",.........
The objectId is the monitoring configuration unique identifier and is used across all DELETE/PUT/GET API calls.
Locate the monitoring configuration that you wish to delete and save its objectId as it will be needed for deleting the monitoring configuration.
If the API call fails, validate that
To delete a specific monitoring configuration:
Use the saved objectId or go to
Settings and capture the connection's Configuration ID property (connection Overview tab).
Prepare this command:
curl -X DELETE "https://${your_environment_url}/platform/extensions/v2/extensions/com.dynatrace.extension.da-aws/monitoring-configurations/${objectId}" \-H "Accept: application/json" \-H "Content-Type: application/json; charset=utf-8" \-H "Authorization: Bearer ${your_bearer_token}" -v
Replace the following placeholders with your values and run the command:
${your_environment_url}: Your full Dynatrace environment URL, for example, xyz12345.apps.dynatrace.com.${your_bearer_token}: Set the platform settings token you have created as part of the prerequisites.${objectId}: Set the captured objectId which identified the specific monitoring configuration (for example, xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx).Because the -v flag is included, the command prints the full request/response trace (not just a status code). A successful deletion returns an empty body with a 204 status, shown here at the end of the trace:
> Host: xyz12345.apps.dynatrace.com> User-Agent: curl/8.7.1> Accept: application/json> Content-Type: application/json; charset=utf-8> Authorization: Bearer ${your_bearer_token}>* Request completely sent off< HTTP/2 204
If the API call fails with errors (4xx), validate that:
objectId is the correct one.Deleting a monitoring configuration from the API does not delete any AWS resources.
To avoid charges from AWS, delete all created AWS resources.
Modifying a monitoring configuration is an atomic API call and will be effective immediately. The only supported method is the following steps:
GETPUTThe PUT endpoint requires the full configuration object—partial payloads are not supported. This is why the workflow below always starts with a GET—you modify only the fields you need on top of the full object returned, then submit the whole thing back.
Remember: Modification support varies across monitoring configuration fields. Certain fields are read-only, while others are not currently eligible for modification. See the monitoring configuration fields reference before proceeding.
Before modifying a monitoring configuration, retrieve its current settings so you can update only the fields you need without overwriting others.
Use the saved objectId or go to
Settings, and capture the connection's Configuration ID property (connection Overview tab).
Prepare this command:
curl -X GET \"https://${your_environment_url}/platform/extensions/v2/extensions/com.dynatrace.extension.da-aws/monitoring-configurations/${objectId}" \-H "Accept: application/json" \-H "Authorization: Bearer ${your_bearer_token}" | tee ${objectId}.json
Replace the following placeholders with your values and run the command:
${your_environment_url}: Your full Dynatrace environment URL, for example, xyz12345.apps.dynatrace.com.${your_bearer_token}: Set the platform settings token you have created as part of the prerequisites.${objectId}: Set the captured objectId which identifies the specific monitoring configuration (for example, xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx).The response should look similar to this:
{"objectId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx","scope": "integration-aws","value": {"enabled": true,"description": "test-aws-monitoring-east","version": "1.0.0","featureSets": ["ApplicationELB_essential","AutoScaling_essential","CloudFront_essential","DynamoDB_essential","EBS_essential","EC2_essential","ECR_essential","ECS_ContainerInsights_essential","ECS_essential","EFS_essential","ELB_essential","ElastiCache_essential","Firehose_essential","Lambda_essential","NATGateway_essential","NetworkELB_essential","PrivateLinkEndpoints_essential","PrivateLinkServices_essential","RDS_essential","Route53_essential","S3_essential","SNS_essential","SQS_essential"],"activationContext": "DATA_ACQUISITION","aws": {"deploymentRegion": "us-east-1","credentials": [{"description": "HAS connection","enabled": true,"connectionId": "[REDACTED]","accountId": "[REDACTED]","rootOrganizationId": "[REDACTED]","parentConfigurationId": "[REDACTED]"}],"regionFiltering": ["us-east-1","us-east-2"],"tagFiltering": [],"tagEnrichment": ["test","appid","group","center"],"smartscapeConfiguration": {"enabled": true},"metricsConfiguration": {"enabled": true,"regions": ["us-east-1","us-east-2"]},"cloudWatchLogsConfiguration": {"enabled": true,"regions": ["us-east-1","us-east-2"]},"namespaces": [],"configurationMode": "QUICK_START","deploymentMode": "AUTOMATED","deploymentScope": "SINGLE_ACCOUNT","manualDeploymentStatus": "NA","automatedDeploymentStatus": "COMPLETE","automatedDeploymentTemplateVersion": "v1.0.6"}},"modificationInfo": {"createdTime": "[REDACTED]","createdBy": "[REDACTED]","lastModifiedTime": "[REDACTED]","lastModifiedBy": "[REDACTED]"}}
The response is also saved into a local file named: ${objectId}.json.
If the API call fails, validate that:
objectId is correct and the monitoring configuration exists.Patch your local ${objectId}.json file with the new settings and save the file. In this example, the tag costgroup is added to tagEnrichment:
{"objectId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx","scope": "integration-aws","value": {"enabled": true,"description": "test-aws-monitoring-east","version": "1.0.0","featureSets": ["ApplicationELB_essential","AutoScaling_essential","CloudFront_essential","DynamoDB_essential","EBS_essential","EC2_essential","ECR_essential","ECS_ContainerInsights_essential","ECS_essential","EFS_essential","ELB_essential","ElastiCache_essential","Firehose_essential","Lambda_essential","NATGateway_essential","NetworkELB_essential","PrivateLinkEndpoints_essential","PrivateLinkServices_essential","RDS_essential","Route53_essential","S3_essential","SNS_essential","SQS_essential"],"activationContext": "DATA_ACQUISITION","aws": {"deploymentRegion": "us-east-1","credentials": [{"description": "HAS connection","enabled": true,"connectionId": "[REDACTED]","accountId": "[REDACTED]","rootOrganizationId": "[REDACTED]","parentConfigurationId": "[REDACTED]"}],"regionFiltering": ["us-east-1","us-east-2"],"tagFiltering": [],"tagEnrichment": ["test","appid","group","center","costgroup"],"smartscapeConfiguration": {"enabled": true},"metricsConfiguration": {"enabled": true,"regions": ["us-east-1","us-east-2"]},"cloudWatchLogsConfiguration": {"enabled": true,"regions": ["us-east-1","us-east-2"]},"namespaces": [],"configurationMode": "QUICK_START","deploymentMode": "AUTOMATED","deploymentScope": "SINGLE_ACCOUNT","manualDeploymentStatus": "NA","automatedDeploymentStatus": "COMPLETE","automatedDeploymentTemplateVersion": "v1.0.6"}},"modificationInfo": {"createdTime": "[REDACTED]","createdBy": "[REDACTED]","lastModifiedTime": "[REDACTED]","lastModifiedBy": "[REDACTED]"}}
The PUT endpoint requires the full configuration object. Partial payloads are not supported. Always base your payload on the GET response from the previous step.
Submit the patched monitoring configuration to the REST API:
curl -X PUT \"https://${your_environment_url}/platform/extensions/v2/extensions/com.dynatrace.extension.da-aws/monitoring-configurations/${objectId}" \-H "Accept: application/json" \-H "Content-Type: application/json; charset=utf-8" \-H "Authorization: Bearer ${your_bearer_token}" \-d @${objectId}.json
Replace the following placeholders with your values and run the command:
${your_environment_url}: Your full Dynatrace environment URL, for example, xyz12345.apps.dynatrace.com.${your_bearer_token}: Set the platform settings token you have created as part of the prerequisites.${objectId}: Set the captured objectId which identifies the specific monitoring configuration (for example, xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx).A successful response returns the updated objectId:
[{"objectId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx","code": 200}]
If the API call fails with errors (4xx), validate that: