Monitor Amazon Web Services with Amazon CloudWatch metrics

Follow this guide to start ingesting data remotely from Amazon CloudWatch.

Its main focus is on infrastructure monitoring of AWS services: Dynatrace monitoring AWS services via CloudWatch.

See What's next? for Full-Stack and Log Monitoring of your AWS services.

After you have established the initial monitoring, you can add, remove, or modify service monitoring using the Dynatrace web UI, at scale, or using the Dynatrace API.

To learn the measurements collected for each of the AWS services, see:

The Amazon Web Services infrastructure monitoring provides metrics from CloudWatch, infrastructure data available via public AWS API, and specific events. The data is collected in five-minute intervals.

Cost of monitoring

  • Each service monitored by Dynatrace through CloudWatch, as well as log processing and analysis, consumes DDUs.

  • Amazon may charge you extra for CloudWatch metric queries. For details on these additional costs, please consult Amazon CloudWatch pricing online documentation.

Monitoring prerequisites

There are three prerequisites for the AWS monitoring setup:

Step 1 Dynatrace admin permissions

To manage AWS monitoring configuration, you need permissions to read and modify the builtin:cloud.aws schema.

  • Both settings:objects:read and settings:objects:write are required.
  • They are included in the Change monitoring settings permissions.
  • Read-only access is not supported.

See Manage user permissions with roles for details on how to manage and set permissions.

Step 2 ActiveGate capable of AWS Monitoring

To monitor Amazon Web services, Dynatrace needs to be able to connect to the Amazon CloudWatch API and query it periodically. At least one ActiveGate needs to be able to connect to Amazon CloudWatch to perform the monitoring tasks. Your ActiveGate needs to be able to connect to the endpoints listed below.

From Dynatrace version 1.267+, only role-based access can be used. Key-based authorization is no longer available for new credentials. For existing key-based credentials, you can keep using keys indefinitely. We recommend switching to role-based authentication using the dedicated button on the configuration page. Dynatrace automatically checks the configuration to ensure the correct configuration of roles.

Key-based authentication is allowed only for AWS GovCloud and China partitions.

If you're a SaaS customer, an ActiveGate capable of monitoring your AWS account for classic (built-in) supported services is already provided and available within the Dynatrace AWS account.

However, to monitor specific non-default AWS Cloud services or if your AWS account exceeds 2,000 AWS resources, you must install and configure an Environment ActiveGate. Follow the ActiveGate installation guide and resume this guide when done.

You must install and configure an Environment ActiveGate if you want to monitor either or both of the following:

Allow ActiveGate to access AWS URLs

The integration accesses the following AWS API endpoints, so they must be accessible from your ActiveGate:

  • AWS Security Token Service (AWS STS)

    https://sts.amazonaws.com/

    AWS STS is a global endpoint by default. When using a regional endpoint, sts.<REGION>.amazonaws.com needs to be accessible.

    See AWS STS Regionalized endpoints in AWS official documentation for the recommended regional STS endpoint configuration.

    recommended Use the AWS config file to configure regional STS endpoint.

  • AWS Resource Groups Tagging

    https://tagging.<REGION>.amazonaws.com/
  • Amazon CloudWatch

    https://monitoring.<REGION>.amazonaws.com/
  • Amazon EC2

    ec2.<REGION>.amazonaws.com

Other endpoints may be required depending on the services you need to monitor.

Consult the tables below for endpoints specific to each service you might want to monitor and for AWS regions supported by Dynatrace AWS Monitoring.

Endpoint
Service
autoscaling.<REGION>.amazonaws.com
Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling
lambda.<REGION>.amazonaws.com
AWS Lambda (built-in), AWS Lambda
elasticloadbalancing.<REGION>.amazonaws.com
Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in)
dynamodb.<REGION>.amazonaws.com
Amazon DynamoDB (built-in), Amazon DynamoDB
ec2.<REGION>.amazonaws.com
Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN
rds.<REGION>.amazonaws.com
Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS
s3.<REGION>.amazonaws.com
Amazon S3 (built-in)
acm-pca.<REGION>.amazonaws.com
AWS Certificate Manager Private Certificate Authority
apigateway.<REGION>.amazonaws.com
Amazon API Gateway
apprunner.<REGION>.amazonaws.com
AWS App Runner
appstream2.<REGION>.amazonaws.com
Amazon AppStream
appsync.<REGION>.amazonaws.com
AWS AppSync
athena.<REGION>.amazonaws.com
Amazon Athena
cloudfront.amazonaws.com
Amazon CloudFront
cloudhsmv2.<REGION>.amazonaws.com
AWS CloudHSM
cloudsearch.<REGION>.amazonaws.com
Amazon CloudSearch
codebuild.<REGION>.amazonaws.com
AWS CodeBuild
datasync.<REGION>.amazonaws.com
AWS DataSync
dax.<REGION>.amazonaws.com
Amazon DynamoDB Accelerator (DAX)
dms.<REGION>.amazonaws.com
AWS Database Migration Service (AWS DMS)
directconnect.<REGION>.amazonaws.com
AWS Direct Connect
ecs.<REGION>.amazonaws.com
Amazon Elastic Container Service (ECS), Amazon ECS Container Insights
elasticfilesystem.<REGION>.amazonaws.com
Amazon Elastic File System (EFS)
eks.<REGION>.amazonaws.com
Amazon Elastic Kubernetes Service (EKS)
elasticache.<REGION>.amazonaws.com
Amazon ElastiCache (EC)
elasticbeanstalk.<REGION>.amazonaws.com
AWS Elastic Beanstalk
elastictranscoder.<REGION>.amazonaws.com
Amazon Elastic Transcoder
es.<REGION>.amazonaws.com
Amazon Elasticsearch Service (ES)
events.<REGION>.amazonaws.com
Amazon EventBridge
fsx.<REGION>.amazonaws.com
Amazon FSx
gamelift.<REGION>.amazonaws.com
Amazon GameLift
glue.<REGION>.amazonaws.com
AWS Glue
inspector.<REGION>.amazonaws.com
Amazon Inspector
kafka.<REGION>.amazonaws.com
Amazon Managed Streaming for Kafka
models.lex.<REGION>.amazonaws.com
Amazon Lex
logs.<REGION>.amazonaws.com
Amazon CloudWatch Logs
api.mediatailor.<REGION>.amazonaws.com
AWS Elemental MediaTailor
mediaconnect.<REGION>.amazonaws.com
AWS Elemental MediaConnect
mediapackage.<REGION>.amazonaws.com
AWS Elemental MediaPackage Live
mediapackage-vod.<REGION>.amazonaws.com
AWS Elemental MediaPackage Video on Demand
opsworks.<REGION>.amazonaws.com
AWS OpsWorks
qldb.<REGION>.amazonaws.com
Amazon QLDB
redshift.<REGION>.amazonaws.com
Amazon Redshift
robomaker.<REGION>.amazonaws.com
AWS RoboMaker
route53.amazonaws.com
Amazon Route 53
route53resolver.<REGION>.amazonaws.com
Amazon Route 53 Resolver
api.sagemaker.<REGION>.amazonaws.com
Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances
sns.<REGION>.amazonaws.com
Amazon Simple Notification Service (SNS)
sqs.<REGION>.amazonaws.com
Amazon Simple Queue Service (SQS)
storagegateway.<REGION>.amazonaws.com
AWS Storage Gateway
swf.<REGION>.amazonaws.com
Amazon SWF
transfer.<REGION>.amazonaws.com
AWS Transfer Family
workmail.<REGION>.amazonaws.com
Amazon WorkMail
workspaces.<REGION>.amazonaws.com
Amazon WorkSpaces
Region
Region name
us-gov-west-1
AWS GovCloud (US)
us-gov-east-1
AWS GovCloud (US-East)
us-east-1
US East (N. Virginia)
us-east-2
US East (Ohio)
us-west-1
US West (N. California)
us-west-2
US West (Oregon)
eu-west-1
EU (Ireland)
eu-west-2
EU (London)
eu-west-3
EU (Paris)
eu-central-1
EU (Frankfurt)
eu-central-2
EU (Zurich)
eu-north-1
EU (Stockholm)
eu-south-1
EU (Milan)
eu-south-2
EU (Spain)
ap-east-1
Asia Pacific (Hong Kong)
ap-south-1
Asia Pacific (Mumbai)
ap-south-2
Asia Pacific (Hyderabad)
ap-southeast-1
Asia Pacific (Singapore)
ap-southeast-2
Asia Pacific (Sydney)
ap-southeast-3
Asia Pacific (Jakarta)
ap-southeast-4
Asia Pacific (Melbourne)
ap-northeast-1
Asia Pacific (Tokyo)
ap-northeast-2
Asia Pacific (Seoul)
ap-northeast-3
Asia Pacific (Osaka)
sa-east-1
South America (Sao Paulo)
cn-north-1
China (Beijing)
cn-northwest-1
China (Ningxia)
ca-central-1
Canada (Central)
ca-west-1
Canada West (Calgary)
il-central-1
Israel (Tel Aviv)
me-central-1
Middle East (UAE)
me-south-1
Middle East (Bahrain)
af-south-1
Africa (Cape Town)
us-iso-east-1
US ISO East
us-isob-east-1
US ISOB East (Ohio)
us-iso-west-1
US ISO West
Proxy

The most frequent cause of certificate issues with the TLS interception proxy is a missing proxy's CA certificate in the ActiveGate truststore.

If you're still having proxy issues, see:

"Communication error."

Make sure that the URLs are whitelisted. Otherwise, you might get communication or timeout errors.

Step 3 AWS monitoring policy and role-based authentication

To perform these steps, you need to have AWS admin privileges.

The AWS monitoring policy defines the minimal scope of permissions you need to give to Dynatrace to monitor the services running in your AWS account. Create it once and use it any time when enabling Dynatrace access to your AWS account. If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for all AWS cloud services, a list of optional permissions specific to that service.

Permissions required for AWS monitoring integration:
  • "cloudwatch:GetMetricData"
  • "cloudwatch:GetMetricStatistics"
  • "cloudwatch:ListMetrics"
  • "sts:GetCallerIdentity"
  • "tag:GetResources"
  • "tag:GetTagKeys"
  • "ec2:DescribeAvailabilityZones"
Name
Permissions
All monitored Amazon services required
cloudwatch:GetMetricData,
cloudwatch:GetMetricStatistics,
cloudwatch:ListMetrics,
sts:GetCallerIdentity,
tag:GetResources,
tag:GetTagKeys,
ec2:DescribeAvailabilityZones
AWS Certificate Manager Private Certificate Authority
acm-pca:ListCertificateAuthorities
Amazon MQ
Amazon API Gateway
apigateway:GET
AWS App Runner
apprunner:ListServices
Amazon AppStream
appstream:DescribeFleets
AWS AppSync
appsync:ListGraphqlApis
Amazon Athena
athena:ListWorkGroups
Amazon Aurora
rds:DescribeDBClusters
Amazon EC2 Auto Scaling
autoscaling:DescribeAutoScalingGroups
Amazon EC2 Auto Scaling (built-in)
autoscaling:DescribeAutoScalingGroups
AWS Billing
Amazon Keyspaces
AWS Chatbot
Amazon CloudFront
cloudfront:ListDistributions
AWS CloudHSM
cloudhsm:DescribeClusters
Amazon CloudSearch
cloudsearch:DescribeDomains
AWS CodeBuild
codebuild:ListProjects
Amazon Cognito
Amazon Connect
Amazon Elastic Kubernetes Service (EKS)
eks:ListClusters
AWS DataSync
datasync:ListTasks
Amazon DynamoDB Accelerator (DAX)
dax:DescribeClusters
AWS Database Migration Service (AWS DMS)
dms:DescribeReplicationInstances
Amazon DocumentDB
rds:DescribeDBClusters
AWS Direct Connect
directconnect:DescribeConnections
Amazon DynamoDB
dynamodb:ListTables
Amazon DynamoDB (built-in)
dynamodb:ListTables,
dynamodb:ListTagsOfResource
Amazon EBS
ec2:DescribeVolumes
Amazon EBS (built-in)
ec2:DescribeVolumes
Amazon EC2 API
Amazon EC2 (built-in)
ec2:DescribeInstances
Amazon EC2 Spot Fleet
ec2:DescribeSpotFleetRequests
Amazon Elastic Container Service (ECS)
ecs:ListClusters
Amazon ECS Container Insights
ecs:ListClusters
Amazon ElastiCache (EC)
elasticache:DescribeCacheClusters
AWS Elastic Beanstalk
elasticbeanstalk:DescribeEnvironments
Amazon Elastic File System (EFS)
elasticfilesystem:DescribeFileSystems
Amazon Elastic Inference
Amazon Elastic Map Reduce (EMR)
elasticmapreduce:ListClusters
Amazon Elasticsearch Service (ES)
es:ListDomainNames
Amazon Elastic Transcoder
elastictranscoder:ListPipelines
Amazon Elastic Load Balancer (ELB) (built-in)
elasticloadbalancing:DescribeInstanceHealth,
elasticloadbalancing:DescribeListeners,
elasticloadbalancing:DescribeLoadBalancers,
elasticloadbalancing:DescribeRules,
elasticloadbalancing:DescribeTags,
elasticloadbalancing:DescribeTargetHealth
Amazon EventBridge
events:ListEventBuses
Amazon FSx
fsx:DescribeFileSystems
Amazon GameLift
gamelift:ListFleets
AWS Glue
glue:GetJobs
Amazon Inspector
inspector:ListAssessmentTemplates
AWS Internet of Things (IoT)
AWS IoT Analytics
Amazon Managed Streaming for Kafka
kafka:ListClusters
Amazon Kinesis Data Analytics
kinesisanalytics:ListApplications
Amazon Data Firehose
firehose:ListDeliveryStreams
Amazon Kinesis Data Streams
kinesis:ListStreams
Amazon Kinesis Video Streams
kinesisvideo:ListStreams
AWS Lambda
lambda:ListFunctions
AWS Lambda (built-in)
lambda:ListFunctions,
lambda:ListTags
Amazon Lex
lex:GetBots
Amazon Application and Network Load Balancer (built-in)
elasticloadbalancing:DescribeInstanceHealth,
elasticloadbalancing:DescribeListeners,
elasticloadbalancing:DescribeLoadBalancers,
elasticloadbalancing:DescribeRules,
elasticloadbalancing:DescribeTags,
elasticloadbalancing:DescribeTargetHealth
Amazon CloudWatch Logs
logs:DescribeLogGroups
AWS Elemental MediaConnect
mediaconnect:ListFlows
AWS Elemental MediaConvert
mediaconvert:DescribeEndpoints
AWS Elemental MediaPackage Live
mediapackage:ListChannels
AWS Elemental MediaPackage Video on Demand
mediapackage-vod:ListPackagingConfigurations
AWS Elemental MediaTailor
mediatailor:ListPlaybackConfigurations
Amazon VPC NAT Gateways
ec2:DescribeNatGateways
Amazon Neptune
rds:DescribeDBClusters
AWS OpsWorks
opsworks:DescribeStacks
Amazon Polly
Amazon QLDB
qldb:ListLedgers
Amazon RDS
rds:DescribeDBInstances
Amazon RDS (built-in)
rds:DescribeDBInstances,
rds:DescribeEvents,
rds:ListTagsForResource
Amazon Redshift
redshift:DescribeClusters
Amazon Rekognition
AWS RoboMaker
robomaker:ListSimulationJobs
Amazon Route 53
route53:ListHostedZones
Amazon Route 53 Resolver
route53resolver:ListResolverEndpoints
Amazon S3
s3:ListAllMyBuckets
Amazon S3 (built-in)
s3:ListAllMyBuckets
Amazon SageMaker Batch Transform Jobs
Amazon SageMaker Endpoint Instances
sagemaker:ListEndpoints
Amazon SageMaker Endpoints
sagemaker:ListEndpoints
Amazon SageMaker Ground Truth
Amazon SageMaker Processing Jobs
Amazon SageMaker Training Jobs
AWS Service Catalog
Amazon Simple Email Service (SES)
Amazon Simple Notification Service (SNS)
sns:ListTopics
Amazon Simple Queue Service (SQS)
sqs:ListQueues
AWS Systems Manager - Run Command
AWS Step Functions
AWS Storage Gateway
storagegateway:ListGateways
Amazon SWF
swf:ListDomains
Amazon Textract
AWS IoT Things Graph
AWS Transfer Family
transfer:ListServers
AWS Transit Gateway
ec2:DescribeTransitGateways
Amazon Translate
AWS Trusted Advisor
AWS API Usage
AWS Site-to-Site VPN
ec2:DescribeVpnConnections
AWS WAF Classic
AWS WAF
Amazon WorkMail
workmail:ListOrganizations
Amazon WorkSpaces
workspaces:DescribeWorkspaces

To get the information required for comprehensive AWS cloud-computing monitoring, you have to authorize Dynatrace to access your Amazon metrics. Dynatrace will identify all the virtualized infrastructure components in your AWS environment and collect performance metrics related to those components.

Next, select the deployment model that best describes your environment and follow the procedure for that model.

Only for AWS GovCloud and China partitions is key-based authentication allowed.

In this scenario you have to create an AWS monitoring policy and generate a key pair with that policy.

AWS Identity and Access Management (IAM) permission boundaries may deny AWS actions required by Dynatrace. If you use IAM permission boundary on your AWS account, make sure that actions from policy are allowed in all AWS regions within permission boundary.

To create the AWS monitoring policy

  1. In your Amazon Console, go to Identity and Access Management.
  2. Go to Policies and select Create policy.
  3. Select the JSON tab and paste the predefined policy from the box below.
    {
    "Version": "2012-10-17",
    "Statement": [
    {
    "Sid": "VisualEditor0",
    "Effect": "Allow",
    "Action": [
    "acm-pca:ListCertificateAuthorities",
    "apigateway:GET",
    "apprunner:ListServices",
    "appstream:DescribeFleets",
    "appsync:ListGraphqlApis",
    "athena:ListWorkGroups",
    "autoscaling:DescribeAutoScalingGroups",
    "cloudformation:ListStackResources",
    "cloudfront:ListDistributions",
    "cloudhsm:DescribeClusters",
    "cloudsearch:DescribeDomains",
    "cloudwatch:GetMetricData",
    "cloudwatch:GetMetricStatistics",
    "cloudwatch:ListMetrics",
    "codebuild:ListProjects",
    "datasync:ListTasks",
    "dax:DescribeClusters",
    "directconnect:DescribeConnections",
    "dms:DescribeReplicationInstances",
    "dynamodb:ListTables",
    "dynamodb:ListTagsOfResource",
    "ec2:DescribeAvailabilityZones",
    "ec2:DescribeInstances",
    "ec2:DescribeNatGateways",
    "ec2:DescribeSpotFleetRequests",
    "ec2:DescribeTransitGateways",
    "ec2:DescribeVolumes",
    "ec2:DescribeVpnConnections",
    "ecs:ListClusters",
    "eks:ListClusters",
    "elasticache:DescribeCacheClusters",
    "elasticbeanstalk:DescribeEnvironmentResources",
    "elasticbeanstalk:DescribeEnvironments",
    "elasticfilesystem:DescribeFileSystems",
    "elasticloadbalancing:DescribeInstanceHealth",
    "elasticloadbalancing:DescribeListeners",
    "elasticloadbalancing:DescribeLoadBalancers",
    "elasticloadbalancing:DescribeRules",
    "elasticloadbalancing:DescribeTags",
    "elasticloadbalancing:DescribeTargetHealth",
    "elasticmapreduce:ListClusters",
    "elastictranscoder:ListPipelines",
    "es:ListDomainNames",
    "events:ListEventBuses",
    "firehose:ListDeliveryStreams",
    "fsx:DescribeFileSystems",
    "gamelift:ListFleets",
    "glue:GetJobs",
    "inspector:ListAssessmentTemplates",
    "kafka:ListClusters",
    "kinesis:ListStreams",
    "kinesisanalytics:ListApplications",
    "kinesisvideo:ListStreams",
    "lambda:ListFunctions",
    "lambda:ListTags",
    "lex:GetBots",
    "logs:DescribeLogGroups",
    "mediaconnect:ListFlows",
    "mediaconvert:DescribeEndpoints",
    "mediapackage-vod:ListPackagingConfigurations",
    "mediapackage:ListChannels",
    "mediatailor:ListPlaybackConfigurations",
    "opsworks:DescribeStacks",
    "qldb:ListLedgers",
    "rds:DescribeDBClusters",
    "rds:DescribeDBInstances",
    "rds:DescribeEvents",
    "rds:ListTagsForResource",
    "redshift:DescribeClusters",
    "robomaker:ListSimulationJobs",
    "route53:ListHostedZones",
    "route53resolver:ListResolverEndpoints",
    "s3:ListAllMyBuckets",
    "sagemaker:ListEndpoints",
    "sns:ListTopics",
    "sqs:ListQueues",
    "storagegateway:ListGateways",
    "sts:GetCallerIdentity",
    "swf:ListDomains",
    "tag:GetResources",
    "tag:GetTagKeys",
    "transfer:ListServers",
    "workmail:ListOrganizations",
    "workspaces:DescribeWorkspaces"
    ],
    "Resource": "*"
    }
    ]
    }
  4. Give the policy a name.
  5. Select Create policy.

You'll need to generate an Access key and a Secret access key that Dynatrace can use to get metrics from Amazon Web Services.

  1. In your Amazon Console, go to Users and select Add Users.
  2. Enter the User name.
  3. In the next screen, choose Attach policies directly and attach the policy that you created before.
  4. Review the user details and select Create user.
  5. From the list of users, select your newly created user name and go to Security credentials, then select Create access key.
  6. On Access key best practices & alternatives, select Third-party service, and then select Next.
  7. On Retrieve access keys, store the Access Key ID name (AKID) and Secret access key values.
  8. You can either download the user credentials or copy the credentials displayed online (select Show).

Terraform templates are an alternative way of creating and configuring AWS roles. For detailed instructions on how to create AWS roles with Terraform, see Configuring AWS role-based access with Terraform

Create monitoring configuration

You can create, activate, and manage multiple monitoring connections. Each connection is defined by the credentials and/or access tokens required for Dynatrace to be able to pull in the data.

Allowing for multiple connections and configurations makes it possible to monitor even extremely complex environments. With such an approach, you don't need to configure everything at once. Instead, you can gradually add monitoring configurations to your existing setup. Such an architecture also makes it easy to react to the dynamic changes of the monitored environment, without needing to reconfigure the unaffected elements.

Step 1 Add a new AWS connection

If you have followed all the prior steps, you are ready to configure Amazon Web Services monitoring.

To add a new AWS connection

  1. Go to Settings > Cloud and virtualization > AWS. The page lists AWS connections already configured.

    If you haven't provided an ActiveGate required for AWS monitoring (check Prerequisites for details), the respective information will be provided on the screen and you will not be able to continue with the configuration process.

    You can go back to changing the already configured connections at any later point in time.

    1. Go to Settings > Cloud and virtualization > AWS. The page lists existing connections.
    2. Edit connections as needed.
      • To edit an existing connection or the monitored services within, select Edit Edit in that row.
      • To delete an existing connection, select Delete Remove in that row.
  2. Select Connect new instance and complete the following fields.

    • Enabled toggle—make sure it's selected if you want to monitor this configuration.

    • Connection name—enter a descriptive name for the connection.

    • Authentication method—select Role-based authentication.

    • IAM role…—enter the name of the role you created in Amazon for Dynatrace (either Dynatrace_monitoring_role or a customized role name, if you created one). Remember to always use the role that contains all required permissions.

    • Your Amazon account ID—enter your Amazon account ID (the account you want Dynatrace to pull metrics from).

  3. Select Connect to verify and save the connection.

    If your AWS account is on a different partition than the default AWS partition, you can use the AWS partition list to select your partition.

    You can limit the data acquired from the CloudWatch by defining a tag-based filter of specific resources. See Limit API calls to AWS using tags for more details on tag-based filtering.

Step 2 AWS cloud services monitored by default

After Dynatrace connects to your AWS environment, it immediately starts monitoring selected AWS services. Classic (formerly "built-in") AWS metrics lists the metrics of AWS cloud services monitored by default.

Step 3 Monitor other AWS services

In addition to AWS services, it's also possible to monitor all other AWS cloud services. AWS cloud services are enabled for monitoring per AWS connection.

To add a service to monitoring:

  1. Go to Settings > Cloud and virtualization > AWS.
  2. On the AWS overview page, find the connection that you want to change and select Edit Edit in that row.
  3. Under Services, select Manage services.
  4. Select Add service.
  5. Select the service from the list and then select Add service.
  6. Select Save changes to save your configuration.

You can add multiple cloud services by repeating the steps above.

After you add a service, Dynatrace automatically starts collecting a set of metrics for this particular service.

Recommended metrics:

  • Enabled by default
  • Can not be disabled
  • Can come with recommended dimensions (enabled by default, can't be disabled)
  • Can come with optional dimensions (disabled by default, can be enabled)

Apart from the recommended metrics, most services have the possibility of enabling optional metrics that can be added and configured manually.

To see the complete list of AWS cloud services and learn about the metrics collected for each of them, see All AWS cloud services.

Alternatively, you can check the list of supported AWS Services within in-product Dynatrace Hub (search for AWS) or in the web version of Dynatrace Hub.

  1. Go to Settings > Cloud and virtualization > AWS.
  2. On the AWS overview page, find the connection that you want to change and select the edit icon next to its name.
  3. Go to Services and select Manage services.
  4. To add a metric select the service for which you want to add metrics and select Add new metric.
  5. From the menu select Add metric for the metric you want to monitor.
  6. Select Edit to configure the metric.
  7. Select Apply to save your configuration.

After you select the cloud services and save your changes, monitoring of the newly added services starts automatically.

What's next?

Within minutes, you'll see the data on your dashboards.

To see the core measurements per each of the AWS connections

  1. Go to AWS or AWS Classic (latest Dynatrace).
  2. Select the connection for which you want to see an overview of the AWS infrastructure.

You can also build your own dashboard from the metrics collected for your AWS instances. For details on building dashboards, see Dashboards Classic.

Dynatrace OneAgent offers unparalleled depth of insight into hosts, containers, and code. To learn more, see Amazon Web Services Integrations.

After you set up AWS monitoring, you can:

  • Set up metric events for alerting. This enables you to create, enable, disable and configure recommended alerting rules.
  • Limit API calls to AWS using tags. By default, Dynatrace monitors all Amazon Web Services that have been specified in your permission policy. Optionally, you can use tagging to limit the AWS resources that are monitored by Dynatrace.

This method of monitoring does not require an ActiveGate. Dynatrace integration with Amazon CloudWatch Metric Streams provides a simple and safe way to ingest AWS metrics. Amazon CloudWatch Metric Streams allows all metrics issued in a given AWS region to be streamed through Kinesis Firehose to the Dynatrace API. For details, see Amazon CloudWatch Metric Streams.