Monitor AWS Lambda (built-in)

Dynatrace ingests metrics for multiple preselected namespaces, including AWS Lambda. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.

Prerequisites

To enable monitoring for this service, you need:

  • Any version of ActiveGate in both Dynatrace SaaS and Managed deployments.

    For role-based access (whether in a SaaS or Managed deployment), you need an ActiveGate installed on an Amazon EC2 host.

  • An updated AWS monitoring policy to include the additional AWS services.
    To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all cloud services.

{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"acm-pca:ListCertificateAuthorities",
"apigateway:GET",
"apprunner:ListServices",
"appstream:DescribeFleets",
"appsync:ListGraphqlApis",
"athena:ListWorkGroups",
"autoscaling:DescribeAutoScalingGroups",
"cloudformation:ListStackResources",
"cloudfront:ListDistributions",
"cloudhsm:DescribeClusters",
"cloudsearch:DescribeDomains",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"codebuild:ListProjects",
"datasync:ListTasks",
"dax:DescribeClusters",
"directconnect:DescribeConnections",
"dms:DescribeReplicationInstances",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInstances",
"ec2:DescribeNatGateways",
"ec2:DescribeSpotFleetRequests",
"ec2:DescribeTransitGateways",
"ec2:DescribeVolumes",
"ec2:DescribeVpnConnections",
"ecs:ListClusters",
"eks:ListClusters",
"elasticache:DescribeCacheClusters",
"elasticbeanstalk:DescribeEnvironmentResources",
"elasticbeanstalk:DescribeEnvironments",
"elasticfilesystem:DescribeFileSystems",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetHealth",
"elasticmapreduce:ListClusters",
"elastictranscoder:ListPipelines",
"es:ListDomainNames",
"events:ListEventBuses",
"firehose:ListDeliveryStreams",
"fsx:DescribeFileSystems",
"gamelift:ListFleets",
"glue:GetJobs",
"inspector:ListAssessmentTemplates",
"kafka:ListClusters",
"kinesis:ListStreams",
"kinesisanalytics:ListApplications",
"kinesisvideo:ListStreams",
"lambda:ListFunctions",
"lambda:ListTags",
"lex:GetBots",
"logs:DescribeLogGroups",
"mediaconnect:ListFlows",
"mediaconvert:DescribeEndpoints",
"mediapackage-vod:ListPackagingConfigurations",
"mediapackage:ListChannels",
"mediatailor:ListPlaybackConfigurations",
"opsworks:DescribeStacks",
"qldb:ListLedgers",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"rds:DescribeEvents",
"rds:ListTagsForResource",
"redshift:DescribeClusters",
"robomaker:ListSimulationJobs",
"route53:ListHostedZones",
"route53resolver:ListResolverEndpoints",
"s3:ListAllMyBuckets",
"sagemaker:ListEndpoints",
"sns:ListTopics",
"sqs:ListQueues",
"storagegateway:ListGateways",
"sts:GetCallerIdentity",
"swf:ListDomains",
"tag:GetResources",
"tag:GetTagKeys",
"transfer:ListServers",
"workmail:ListOrganizations",
"workspaces:DescribeWorkspaces"
],
"Resource": "*"
}
]
}

If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each cloud service, a list of optional permissions specific to that service.

Permissions required for AWS monitoring integration:
  • "cloudwatch:GetMetricData"
  • "cloudwatch:GetMetricStatistics"
  • "cloudwatch:ListMetrics"
  • "sts:GetCallerIdentity"
  • "tag:GetResources"
  • "tag:GetTagKeys"
  • "ec2:DescribeAvailabilityZones"
Name
Permissions
All monitored Amazon services required
cloudwatch:GetMetricData,
cloudwatch:GetMetricStatistics,
cloudwatch:ListMetrics,
sts:GetCallerIdentity,
tag:GetResources,
tag:GetTagKeys,
ec2:DescribeAvailabilityZones
AWS Certificate Manager Private Certificate Authority
acm-pca:ListCertificateAuthorities
Amazon MQ
Amazon API Gateway
apigateway:GET
AWS App Runner
apprunner:ListServices
Amazon AppStream
appstream:DescribeFleets
AWS AppSync
appsync:ListGraphqlApis
Amazon Athena
athena:ListWorkGroups
Amazon Aurora
rds:DescribeDBClusters
Amazon EC2 Auto Scaling
autoscaling:DescribeAutoScalingGroups
Amazon EC2 Auto Scaling (built-in)
autoscaling:DescribeAutoScalingGroups
AWS Billing
Amazon Keyspaces
AWS Chatbot
Amazon CloudFront
cloudfront:ListDistributions
AWS CloudHSM
cloudhsm:DescribeClusters
Amazon CloudSearch
cloudsearch:DescribeDomains
AWS CodeBuild
codebuild:ListProjects
Amazon Cognito
Amazon Connect
Amazon Elastic Kubernetes Service (EKS)
eks:ListClusters
AWS DataSync
datasync:ListTasks
Amazon DynamoDB Accelerator (DAX)
dax:DescribeClusters
AWS Database Migration Service (AWS DMS)
dms:DescribeReplicationInstances
Amazon DocumentDB
rds:DescribeDBClusters
AWS Direct Connect
directconnect:DescribeConnections
Amazon DynamoDB
dynamodb:ListTables
Amazon DynamoDB (built-in)
dynamodb:ListTables,
dynamodb:ListTagsOfResource
Amazon EBS
ec2:DescribeVolumes
Amazon EBS (built-in)
ec2:DescribeVolumes
Amazon EC2 API
Amazon EC2 (built-in)
ec2:DescribeInstances
Amazon EC2 Spot Fleet
ec2:DescribeSpotFleetRequests
Amazon Elastic Container Service (ECS)
ecs:ListClusters
Amazon ECS Container Insights
ecs:ListClusters
Amazon ElastiCache (EC)
elasticache:DescribeCacheClusters
AWS Elastic Beanstalk
elasticbeanstalk:DescribeEnvironments
Amazon Elastic File System (EFS)
elasticfilesystem:DescribeFileSystems
Amazon Elastic Inference
Amazon Elastic Map Reduce (EMR)
elasticmapreduce:ListClusters
Amazon Elasticsearch Service (ES)
es:ListDomainNames
Amazon Elastic Transcoder
elastictranscoder:ListPipelines
Amazon Elastic Load Balancer (ELB) (built-in)
elasticloadbalancing:DescribeInstanceHealth,
elasticloadbalancing:DescribeListeners,
elasticloadbalancing:DescribeLoadBalancers,
elasticloadbalancing:DescribeRules,
elasticloadbalancing:DescribeTags,
elasticloadbalancing:DescribeTargetHealth
Amazon EventBridge
events:ListEventBuses
Amazon FSx
fsx:DescribeFileSystems
Amazon GameLift
gamelift:ListFleets
AWS Glue
glue:GetJobs
Amazon Inspector
inspector:ListAssessmentTemplates
AWS Internet of Things (IoT)
AWS IoT Analytics
Amazon Managed Streaming for Kafka
kafka:ListClusters
Amazon Kinesis Data Analytics
kinesisanalytics:ListApplications
Amazon Data Firehose
firehose:ListDeliveryStreams
Amazon Kinesis Data Streams
kinesis:ListStreams
Amazon Kinesis Video Streams
kinesisvideo:ListStreams
AWS Lambda
lambda:ListFunctions
AWS Lambda (built-in)
lambda:ListFunctions,
lambda:ListTags
Amazon Lex
lex:GetBots
Amazon Application and Network Load Balancer (built-in)
elasticloadbalancing:DescribeInstanceHealth,
elasticloadbalancing:DescribeListeners,
elasticloadbalancing:DescribeLoadBalancers,
elasticloadbalancing:DescribeRules,
elasticloadbalancing:DescribeTags,
elasticloadbalancing:DescribeTargetHealth
Amazon CloudWatch Logs
logs:DescribeLogGroups
AWS Elemental MediaConnect
mediaconnect:ListFlows
AWS Elemental MediaConvert
mediaconvert:DescribeEndpoints
AWS Elemental MediaPackage Live
mediapackage:ListChannels
AWS Elemental MediaPackage Video on Demand
mediapackage-vod:ListPackagingConfigurations
AWS Elemental MediaTailor
mediatailor:ListPlaybackConfigurations
Amazon VPC NAT Gateways
ec2:DescribeNatGateways
Amazon Neptune
rds:DescribeDBClusters
AWS OpsWorks
opsworks:DescribeStacks
Amazon Polly
Amazon QLDB
qldb:ListLedgers
Amazon RDS
rds:DescribeDBInstances
Amazon RDS (built-in)
rds:DescribeDBInstances,
rds:DescribeEvents,
rds:ListTagsForResource
Amazon Redshift
redshift:DescribeClusters
Amazon Rekognition
AWS RoboMaker
robomaker:ListSimulationJobs
Amazon Route 53
route53:ListHostedZones
Amazon Route 53 Resolver
route53resolver:ListResolverEndpoints
Amazon S3
s3:ListAllMyBuckets
Amazon S3 (built-in)
s3:ListAllMyBuckets
Amazon SageMaker Batch Transform Jobs
Amazon SageMaker Endpoint Instances
sagemaker:ListEndpoints
Amazon SageMaker Endpoints
sagemaker:ListEndpoints
Amazon SageMaker Ground Truth
Amazon SageMaker Processing Jobs
Amazon SageMaker Training Jobs
AWS Service Catalog
Amazon Simple Email Service (SES)
Amazon Simple Notification Service (SNS)
sns:ListTopics
Amazon Simple Queue Service (SQS)
sqs:ListQueues
AWS Systems Manager - Run Command
AWS Step Functions
AWS Storage Gateway
storagegateway:ListGateways
Amazon SWF
swf:ListDomains
Amazon Textract
AWS IoT Things Graph
AWS Transfer Family
transfer:ListServers
AWS Transit Gateway
ec2:DescribeTransitGateways
Amazon Translate
AWS Trusted Advisor
AWS API Usage
AWS Site-to-Site VPN
ec2:DescribeVpnConnections
AWS WAF Classic
AWS WAF
Amazon WorkMail
workmail:ListOrganizations
Amazon WorkSpaces
workspaces:DescribeWorkspaces

Example of JSON policy for one single service.

{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"apigateway:GET",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"sts:GetCallerIdentity",
"tag:GetResources",
"tag:GetTagKeys",
"ec2:DescribeAvailabilityZones"
],
"Resource": "*"
}
]
}

In this example, from the complete list of permissions you need to select

  • "apigateway:GET" for Amazon API Gateway

  • "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "sts:GetCallerIdentity", "tag:GetResources", "tag:GetTagKeys", and "ec2:DescribeAvailabilityZones" for All AWS cloud services.

  • To disable monitoring of built-in services, you need Environment ActiveGate version 1.245+ and Dynatrace version 1.247+.

Endpoint
Service
autoscaling.<REGION>.amazonaws.com
Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling
lambda.<REGION>.amazonaws.com
AWS Lambda (built-in), AWS Lambda
elasticloadbalancing.<REGION>.amazonaws.com
Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in)
dynamodb.<REGION>.amazonaws.com
Amazon DynamoDB (built-in), Amazon DynamoDB
ec2.<REGION>.amazonaws.com
Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN
rds.<REGION>.amazonaws.com
Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS
s3.<REGION>.amazonaws.com
Amazon S3 (built-in)
acm-pca.<REGION>.amazonaws.com
AWS Certificate Manager Private Certificate Authority
apigateway.<REGION>.amazonaws.com
Amazon API Gateway
apprunner.<REGION>.amazonaws.com
AWS App Runner
appstream2.<REGION>.amazonaws.com
Amazon AppStream
appsync.<REGION>.amazonaws.com
AWS AppSync
athena.<REGION>.amazonaws.com
Amazon Athena
cloudfront.amazonaws.com
Amazon CloudFront
cloudhsmv2.<REGION>.amazonaws.com
AWS CloudHSM
cloudsearch.<REGION>.amazonaws.com
Amazon CloudSearch
codebuild.<REGION>.amazonaws.com
AWS CodeBuild
datasync.<REGION>.amazonaws.com
AWS DataSync
dax.<REGION>.amazonaws.com
Amazon DynamoDB Accelerator (DAX)
dms.<REGION>.amazonaws.com
AWS Database Migration Service (AWS DMS)
directconnect.<REGION>.amazonaws.com
AWS Direct Connect
ecs.<REGION>.amazonaws.com
Amazon Elastic Container Service (ECS), Amazon ECS Container Insights
elasticfilesystem.<REGION>.amazonaws.com
Amazon Elastic File System (EFS)
eks.<REGION>.amazonaws.com
Amazon Elastic Kubernetes Service (EKS)
elasticache.<REGION>.amazonaws.com
Amazon ElastiCache (EC)
elasticbeanstalk.<REGION>.amazonaws.com
AWS Elastic Beanstalk
elastictranscoder.<REGION>.amazonaws.com
Amazon Elastic Transcoder
es.<REGION>.amazonaws.com
Amazon Elasticsearch Service (ES)
events.<REGION>.amazonaws.com
Amazon EventBridge
fsx.<REGION>.amazonaws.com
Amazon FSx
gamelift.<REGION>.amazonaws.com
Amazon GameLift
glue.<REGION>.amazonaws.com
AWS Glue
inspector.<REGION>.amazonaws.com
Amazon Inspector
kafka.<REGION>.amazonaws.com
Amazon Managed Streaming for Kafka
models.lex.<REGION>.amazonaws.com
Amazon Lex
logs.<REGION>.amazonaws.com
Amazon CloudWatch Logs
api.mediatailor.<REGION>.amazonaws.com
AWS Elemental MediaTailor
mediaconnect.<REGION>.amazonaws.com
AWS Elemental MediaConnect
mediapackage.<REGION>.amazonaws.com
AWS Elemental MediaPackage Live
mediapackage-vod.<REGION>.amazonaws.com
AWS Elemental MediaPackage Video on Demand
opsworks.<REGION>.amazonaws.com
AWS OpsWorks
qldb.<REGION>.amazonaws.com
Amazon QLDB
redshift.<REGION>.amazonaws.com
Amazon Redshift
robomaker.<REGION>.amazonaws.com
AWS RoboMaker
route53.amazonaws.com
Amazon Route 53
route53resolver.<REGION>.amazonaws.com
Amazon Route 53 Resolver
api.sagemaker.<REGION>.amazonaws.com
Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances
sns.<REGION>.amazonaws.com
Amazon Simple Notification Service (SNS)
sqs.<REGION>.amazonaws.com
Amazon Simple Queue Service (SQS)
storagegateway.<REGION>.amazonaws.com
AWS Storage Gateway
swf.<REGION>.amazonaws.com
Amazon SWF
transfer.<REGION>.amazonaws.com
AWS Transfer Family
workmail.<REGION>.amazonaws.com
Amazon WorkMail
workspaces.<REGION>.amazonaws.com
Amazon WorkSpaces

Enable monitoring

To learn how to enable service monitoring, see Enable service monitoring.

View service metrics

You can view the service metrics in your Dynatrace environment either on the AWS account page or on your Dashboards page.

View metrics on the AWS account page

To view metrics on the AWS account page

  1. Go to AWS or AWS Classic (latest Dynatrace).
  2. Choose AWS account you want to check metrics for.
  3. Select Service box. Metrics for the selected service are visible under the infographic in the service section.

View metrics on the Dashboard

You can also create your own dashboard. For more information on how to create dashboards, go to Create and edit Dynatrace dashboards

Example of AWS built-in monitoring service

example of AWS builtin monitoring service

Built-in services specifics

This is a built-in service. It's monitored out-of-the-box once a new AWS integration instance is created. For built-in services, all metrics are recommended (changing configuration is not possible).

Available metrics

Metric key
Name
Unit
Aggregations
Monitoring consumption
builtin:cloud.aws.lambda.concExecutions

LambdaFunction concurrent executions count

Count
autoavgcountmaxminsum
DDUs
builtin:cloud.aws.lambda.duration

LambdaFunction code execution time.

Millisecond
autoavgcountmaxminsum
DDUs
builtin:cloud.aws.lambda.errors

LambdaFunction number of failed invocations with HTTP 4XX status code

Count
autovalue
DDUs
builtin:cloud.aws.lambda.errorsRate

LambdaFunction rate of failed invocations to all invocations %

Percent (%)
autoavgmaxmin
DDUs
builtin:cloud.aws.lambda.invocations

LambdaFunction number of times a function is invoked

Count
autovalue
DDUs
builtin:cloud.aws.lambda.provConcExecutions

LambdaFunction provisioned concurrent executions count

Count
autovalue
DDUs
builtin:cloud.aws.lambda.provConcInvocations

LambdaFunction provisioned concurrency invocation count

Count
autovalue
DDUs
builtin:cloud.aws.lambda.provConcSpilloverInvocations

LambdaFunction provisioned concurrency spillover invocation count

Count
autovalue
DDUs
builtin:cloud.aws.lambda.throttlers

LambdaFunction throttled function invocation count

Count
autovalue
DDUs