Amazon Simple Storage Service (Amazon S3) monitoring

Dynatrace ingests metrics for multiple preselected namespaces, including Amazon Simple Storage Service (Amazon S3). You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.

Prerequisites

To enable monitoring for this service, you need

ActiveGate version 1.181+, as follows:
- For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.
- For Dynatrace Managed deployments, you can use any kind of ActiveGate.
  
  For role-based access (whether in a SaaS or Managed deployment), you need an Environment ActiveGate installed on an Amazon EC2 host.
Dynatrace version 1.182+
An updated AWS monitoring policy to include the additional AWS services.
To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.

1{
2  "Version": "2012-10-17",
3  "Statement": [
4    {
5      "Sid": "VisualEditor0",
6      "Effect": "Allow",
7      "Action": [
8        "acm-pca:ListCertificateAuthorities",
9        "apigateway:GET",
10        "apprunner:ListServices",
11        "appstream:DescribeFleets",
12        "appsync:ListGraphqlApis",
13        "athena:ListWorkGroups",
14        "autoscaling:DescribeAutoScalingGroups",
15        "cloudformation:ListStackResources",
16        "cloudfront:ListDistributions",
17        "cloudhsm:DescribeClusters",
18        "cloudsearch:DescribeDomains",
19        "cloudwatch:GetMetricData",
20        "cloudwatch:GetMetricStatistics",
21        "cloudwatch:ListMetrics",
22        "codebuild:ListProjects",
23        "datasync:ListTasks",
24        "dax:DescribeClusters",
25        "directconnect:DescribeConnections",
26        "dms:DescribeReplicationInstances",
27        "dynamodb:ListTables",
28        "dynamodb:ListTagsOfResource",
29        "ec2:DescribeAvailabilityZones",
30        "ec2:DescribeInstances",
31        "ec2:DescribeNatGateways",
32        "ec2:DescribeSpotFleetRequests",
33        "ec2:DescribeTransitGateways",
34        "ec2:DescribeVolumes",
35        "ec2:DescribeVpnConnections",
36        "ecs:ListClusters",
37        "eks:ListClusters",
38        "elasticache:DescribeCacheClusters",
39        "elasticbeanstalk:DescribeEnvironmentResources",
40        "elasticbeanstalk:DescribeEnvironments",
41        "elasticfilesystem:DescribeFileSystems",
42        "elasticloadbalancing:DescribeInstanceHealth",
43        "elasticloadbalancing:DescribeListeners",
44        "elasticloadbalancing:DescribeLoadBalancers",
45        "elasticloadbalancing:DescribeRules",
46        "elasticloadbalancing:DescribeTags",
47        "elasticloadbalancing:DescribeTargetHealth",
48        "elasticmapreduce:ListClusters",
49        "elastictranscoder:ListPipelines",
50        "es:ListDomainNames",
51        "events:ListEventBuses",
52        "firehose:ListDeliveryStreams",
53        "fsx:DescribeFileSystems",
54        "gamelift:ListFleets",
55        "glue:GetJobs",
56        "inspector:ListAssessmentTemplates",
57        "kafka:ListClusters",
58        "kinesis:ListStreams",
59        "kinesisanalytics:ListApplications",
60        "kinesisvideo:ListStreams",
61        "lambda:ListFunctions",
62        "lambda:ListTags",
63        "lex:GetBots",
64        "logs:DescribeLogGroups",
65        "mediaconnect:ListFlows",
66        "mediaconvert:DescribeEndpoints",
67        "mediapackage-vod:ListPackagingConfigurations",
68        "mediapackage:ListChannels",
69        "mediatailor:ListPlaybackConfigurations",
70        "opsworks:DescribeStacks",
71        "qldb:ListLedgers",
72        "rds:DescribeDBClusters",
73        "rds:DescribeDBInstances",
74        "rds:DescribeEvents",
75        "rds:ListTagsForResource",
76        "redshift:DescribeClusters",
77        "robomaker:ListSimulationJobs",
78        "route53:ListHostedZones",
79        "route53resolver:ListResolverEndpoints",
80        "s3:ListAllMyBuckets",
81        "sagemaker:ListEndpoints",
82        "sns:ListTopics",
83        "sqs:ListQueues",
84        "storagegateway:ListGateways",
85        "sts:GetCallerIdentity",
86        "swf:ListDomains",
87        "tag:GetResources",
88        "tag:GetTagKeys",
89        "transfer:ListServers",
90        "workmail:ListOrganizations",
91        "workspaces:DescribeWorkspaces"
92      ],
93      "Resource": "*"
94    }
95  ]
96}

If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for all services (All monitored Amazon services) and, for each supporting service, a list of optional permissions specific to that service.

Name	Additional permissions
AWS Certificate Manager Private Certificate Authority	"acm-pca:ListCertificateAuthorities"
All monitored Amazon services	"cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "sts:GetCallerIdentity", "tag:GetResources", "tag:GetTagKeys", "ec2:DescribeAvailabilityZones"
Amazon MQ
Amazon API Gateway	"apigateway:GET"
AWS App Runner	"apprunner:ListServices"
Amazon AppStream	"appstream:DescribeFleets"
AWS AppSync	"appsync:ListGraphqlApis"
Amazon Athena	"athena:ListWorkGroups"
Amazon Aurora	"rds:DescribeDBClusters"
Amazon EC2 Auto Scaling	"autoscaling:DescribeAutoScalingGroups"
Amazon EC2 Auto Scaling (built-in)	"autoscaling:DescribeAutoScalingGroups"
AWS Billing
Amazon Keyspaces
AWS Chatbot
Amazon CloudFront	"cloudfront:ListDistributions"
AWS CloudHSM	"cloudhsm:DescribeClusters"
Amazon CloudSearch	"cloudsearch:DescribeDomains"
AWS CodeBuild	"codebuild:ListProjects"
Amazon Cognito
Amazon Connect
Amazon Elastic Kubernetes Service (EKS)	"eks:ListClusters"
AWS DataSync	"datasync:ListTasks"
Amazon DynamoDB Accelerator (DAX)	"dax:DescribeClusters"
Amazon Database Migration Service	"dms:DescribeReplicationInstances"
Amazon DocumentDB	"rds:DescribeDBClusters"
AWS Direct Connect	"directconnect:DescribeConnections"
Amazon DynamoDB	"dynamodb:ListTables"
Amazon DynamoDB (built-in)	"dynamodb:ListTables", "dynamodb:ListTagsOfResource"
Amazon EBS	"ec2:DescribeVolumes"
Amazon EBS (built-in)	"ec2:DescribeVolumes"
Amazon EC2 API
Amazon EC2 (built-in)	"ec2:DescribeInstances"
Amazon EC2 Spot Fleet	"ec2:DescribeSpotFleetRequests"
Amazon Elastic Container Service (ECS)	"ecs:ListClusters"
Amazon ECS ContainerInsights	"ecs:ListClusters"
Amazon ElastiCache (EC)	"elasticache:DescribeCacheClusters"
AWS Elastic Beanstalk	"elasticbeanstalk:DescribeEnvironments"
Amazon Elastic File System (EFS)	"elasticfilesystem:DescribeFileSystems"
Amazon Elastic Inference
Amazon Elastic Map Reduce (EMR)	"elasticmapreduce:ListClusters"
Amazon Elasticsearch Service (ES)	"es:ListDomainNames"
Amazon Elastic Transcoder	"elastictranscoder:ListPipelines"
AWS Elastic Load Balancing (ELB) (built-in)	"elasticloadbalancing:DescribeInstanceHealth", "elasticloadbalancing:DescribeListeners", "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:DescribeRules", "elasticloadbalancing:DescribeTags", "elasticloadbalancing:DescribeTargetHealth"
Amazon EventBridge	"events:ListEventBuses"
Amazon FSx	"fsx:DescribeFileSystems"
Amazon GameLift	"gamelift:ListFleets"
AWS Glue	"glue:GetJobs"
Amazon Inspector	"inspector:ListAssessmentTemplates"
AWS Internet of Things (IoT)
AWS IoT Analytics
Amazon Managed Streaming for Kafka	"kafka:ListClusters"
Amazon Kinesis Data Analytics	"kinesisanalytics:ListApplications"
Amazon Kinesis Data Firehose	"firehose:ListDeliveryStreams"
Amazon Kinesis Data Streams	"kinesis:ListStreams"
Amazon Kinesis Video Streams	"kinesisvideo:ListStreams"
Amazon Lambda	"lambda:ListFunctions"
AWS Lambda (built-in)	"lambda:ListFunctions", "lambda:ListTags"
Amazon Lex	"lex:GetBots"
AWS Application and Network Load Balancer (built-in)	"elasticloadbalancing:DescribeInstanceHealth", "elasticloadbalancing:DescribeListeners", "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:DescribeRules", "elasticloadbalancing:DescribeTags", "elasticloadbalancing:DescribeTargetHealth"
Amazon CloudWatch Logs	"logs:DescribeLogGroups"
AWS Elemental MediaConnect	"mediaconnect:ListFlows"
Amazon MediaConvert	"mediaconvert:DescribeEndpoints"
Amazon MediaPackage Live	"mediapackage:ListChannels"
Amazon MediaPackage Video on Demand	"mediapackage-vod:ListPackagingConfigurations"
Amazon MediaTailor	"mediatailor:ListPlaybackConfigurations"
Amazon VPC NAT Gateways	"ec2:DescribeNatGateways"
Amazon Neptune	"rds:DescribeDBClusters"
AWS OpsWorks	"opsworks:DescribeStacks"
Amazon Polly
Amazon QLDB	"qldb:ListLedgers"
Amazon RDS	"rds:DescribeDBInstances"
Amazon RDS (built-in)	"rds:DescribeDBInstances", "rds:DescribeEvents", "rds:ListTagsForResource"
Amazon Redshift	"redshift:DescribeClusters"
Amazon Rekognition
AWS RoboMaker	"robomaker:ListSimulationJobs"
Amazon Route 53	"route53:ListHostedZones"
Amazon Route 53 Resolver	"route53resolver:ListResolverEndpoints"
Amazon S3	"s3:ListAllMyBuckets"
Amazon S3 (built-in)	"s3:ListAllMyBuckets"
Amazon SageMaker Batch Transform Jobs
Amazon SageMaker Endpoint Instances	"sagemaker:ListEndpoints"
Amazon SageMaker Endpoints	"sagemaker:ListEndpoints"
Amazon SageMaker Ground Truth
Amazon SageMaker Processing Jobs
Amazon SageMaker Training Jobs
AWS Service Catalog
Amazon Simple Email Service (SES)
Amazon Simple Notification Service (SNS)	"sns:ListTopics"
Amazon Simple Queue Service (SQS)	"sqs:ListQueues"
AWS Systems Manager - Run Command
AWS Step Functions
AWS Storage Gateway	"storagegateway:ListGateways"
Amazon SWF	"swf:ListDomains"
Amazon Textract
AWS IoT Things Graph
Amazon Transfer Family	"transfer:ListServers"
AWS Transit Gateway	"ec2:DescribeTransitGateways"
Amazon Translate
AWS Trusted Advisor
AWS API Usage
AWS Site-to-Site VPN	"ec2:DescribeVpnConnections"
Amazon WAF Classic
Amazon WAF
Amazon WorkMail	"workmail:ListOrganizations"
Amazon WorkSpaces	"workspaces:DescribeWorkspaces"

Example of JSON policy for one single service.

1{
2  "Version": "2012-10-17",
3  "Statement": [
4          {
5                  "Sid": "VisualEditor0",
6                  "Effect": "Allow",
7                  "Action": [
8                          "apigateway:GET",
9                          "cloudwatch:GetMetricData",
10                          "cloudwatch:GetMetricStatistics",
11                          "cloudwatch:ListMetrics",
12                          "sts:GetCallerIdentity",
13                          "tag:GetResources",
14                          "tag:GetTagKeys",
15                          "ec2:DescribeAvailabilityZones"
16                  ],
17                  "Resource": "*"
18          }
19      ]
20}

In this example, from the complete list of permissions you need to select

"apigateway:GET" for Amazon API Gateway
"cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "sts:GetCallerIdentity", "tag:GetResources", "tag:GetTagKeys", and "ec2:DescribeAvailabilityZones" for All monitored Amazon services.

A request metrics filter for the buckets you want to monitor. For more information, see Creating a request metrics filter for an S3 bucket in AWS documentation.

To monitor S3 metrics, you need to select Amazon S3 service, otherwise Amazon S3 (built-in) will provide only a basic count of S3 buckets in your account.

By default, request metrics aren't reported. To have them reported, you need to enable them in the AWS S3 console.

Enable monitoring

To learn how to enable service monitoring, see Enable service monitoring.

View service metrics

You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.

View metrics on the custom device overview page

To access the custom device overview page

In the Dynatrace menu, go to Technologies and processes.
Filter by service name and select the relevant custom device group.
Once you select the custom device group, you're on the custom device group overview page.
The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.

View metrics on your dashboard

You can also view metrics in the Dynatrace web UI on dashboards. There is no preset dashboard available for this service, but you can create your own dashboard.

To check the availability of preset dashboards for each AWS service, see the list below.

AWS service	Preset dashboard
AWS Certificate Manager Private Certificate Authority	no
Amazon MQ	yes
Amazon API Gateway	no
AWS App Runner	no
Amazon AppStream	yes
AWS AppSync	yes
Amazon Athena	yes
Amazon Aurora	no
Amazon EC2 Auto Scaling	yes
Amazon EC2 Auto Scaling (built-in)	no
AWS Billing	yes
Amazon Keyspaces	yes
AWS Chatbot	yes
Amazon CloudFront	no
AWS CloudHSM	yes
Amazon CloudSearch	yes
AWS CodeBuild	yes
Amazon Cognito	no
Amazon Connect	yes
Amazon Elastic Kubernetes Service (EKS)	yes
AWS DataSync	yes
Amazon DynamoDB Accelerator (DAX)	yes
Amazon Database Migration Service	yes
Amazon DocumentDB	yes
AWS Direct Connect	yes
Amazon DynamoDB	no
Amazon DynamoDB (built-in)	no
Amazon EBS	no
Amazon EBS (built-in)	no
Amazon EC2 API	yes
Amazon EC2 (built-in)	no
Amazon EC2 Spot Fleet	no
Amazon Elastic Container Service (ECS)	no
Amazon ECS ContainerInsights	yes
Amazon ElastiCache (EC)	no
AWS Elastic Beanstalk	yes
Amazon Elastic File System (EFS)	no
Amazon Elastic Inference	yes
Amazon Elastic Map Reduce (EMR)	no
Amazon Elasticsearch Service (ES)	no
Amazon Elastic Transcoder	yes
AWS Elastic Load Balancing (ELB) (built-in)	no
Amazon EventBridge	yes
Amazon FSx	yes
Amazon GameLift	yes
AWS Glue	no
Amazon Inspector	yes
AWS Internet of Things (IoT)	no
AWS IoT Analytics	yes
Amazon Managed Streaming for Kafka	yes
Amazon Kinesis Data Analytics	no
Amazon Kinesis Data Firehose	no
Amazon Kinesis Data Streams	no
Amazon Kinesis Video Streams	no
Amazon Lambda	no
AWS Lambda (built-in)	no
Amazon Lex	yes
AWS Application and Network Load Balancer (built-in)	no
Amazon CloudWatch Logs	yes
AWS Elemental MediaConnect	yes
Amazon MediaConvert	yes
Amazon MediaPackage Live	yes
Amazon MediaPackage Video on Demand	yes
Amazon MediaTailor	yes
Amazon VPC NAT Gateways	no
Amazon Neptune	yes
AWS OpsWorks	yes
Amazon Polly	yes
Amazon QLDB	yes
Amazon RDS	no
Amazon RDS (built-in)	no
Amazon Redshift	no
Amazon Rekognition	yes
AWS RoboMaker	yes
Amazon Route 53	yes
Amazon Route 53 Resolver	yes
Amazon S3	no
Amazon S3 (built-in)	no
Amazon SageMaker Batch Transform Jobs	no
Amazon SageMaker Endpoint Instances	no
Amazon SageMaker Endpoints	no
Amazon SageMaker Ground Truth	no
Amazon SageMaker Processing Jobs	no
Amazon SageMaker Training Jobs	no
AWS Service Catalog	yes
Amazon Simple Email Service (SES)	no
Amazon Simple Notification Service (SNS)	no
Amazon Simple Queue Service (SQS)	no
AWS Systems Manager - Run Command	yes
AWS Step Functions	yes
AWS Storage Gateway	yes
Amazon SWF	yes
Amazon Textract	yes
AWS IoT Things Graph	yes
Amazon Transfer Family	yes
AWS Transit Gateway	yes
Amazon Translate	yes
AWS Trusted Advisor	yes
AWS API Usage	yes
AWS Site-to-Site VPN	yes
Amazon WAF Classic	yes
Amazon WAF	yes
Amazon WorkMail	yes
Amazon WorkSpaces	yes

Available metrics

Name	Description	Unit	Statistics	Dimensions
AllRequests	The total number of HTTP requests made to an Amazon S3 bucket, regardless of type	Count	Sum	BucketName, FilterId
BytesDownloaded	The number of bytes downloaded for requests made to an Amazon S3 bucket, where the response includes a body	Bytes	Multi	BucketName, FilterId
BytesDownloaded		Bytes	Sum	BucketName, FilterId
BytesDownloaded		Count	Count	BucketName, FilterId
BytesUploaded	The number of bytes uploaded that contain a request body, made to an Amazon S3 bucket	Bytes	Multi	BucketName, FilterId
BytesUploaded		Bytes	Sum	BucketName, FilterId
BytesUploaded		Count	Count	BucketName, FilterId
DeleteRequests	The number of HTTP DELETE requests made for objects in an Amazon S3 bucket (includes Delete multiple objects requests).	Count	Sum	BucketName, FilterId
FirstByteLatency	Per request, the time from when the Amazon S3 bucket receives the complete request to when the response starts to be returned	Milliseconds	Multi	BucketName, FilterId
FirstByteLatency		Milliseconds	Sum	BucketName, FilterId
FirstByteLatency		Count	Count	BucketName, FilterId
GetRequests	The number of HTTP GET requests made for objects in an Amazon S3 bucket (doesn't include list operations)	Count	Sum	BucketName, FilterId
HeadRequests	The number of HTTP HEAD requests made to an Amazon S3 bucket	Count	Sum	BucketName, FilterId
ListRequests	The number of HTTP requests that list the contents of a bucket	Count	Sum	BucketName, FilterId
PostRequests	The number of HTTP POST requests made to an Amazon S3 bucket	Count	Sum	BucketName, FilterId
PutRequests	The number of HTTP PUT requests made for objects in an Amazon S3 bucket	Count	Sum	BucketName, FilterId
SelectRequests	The number of Amazon S3 SelectObjectContent requests made for objects in an Amazon S3 bucket	Count	Sum	BucketName, FilterId
SelectReturnedBytes	The number of bytes of data returned with Amazon S3 SelectObjectContent requests in an Amazon S3 bucket	Bytes	Multi	BucketName, FilterId
SelectReturnedBytes		Bytes	Sum	BucketName, FilterId
SelectReturnedBytes		Count	Count	BucketName, FilterId
SelectScannedBytes	The number of bytes of data scanned with Amazon S3 SelectObjectContent requests in an Amazon S3 bucket	Bytes	Multi	BucketName, FilterId
SelectScannedBytes		Bytes	Sum	BucketName, FilterId
SelectScannedBytes		Count	Count	BucketName, FilterId
TotalRequestLatency	The time per request, starting from the first byte received to the last byte sent to an Amazon S3 bucket. This includes the time taken to receive the request body and send the response body, which is not included in FirstByteLatency.	Milliseconds	Multi	BucketName, FilterId
TotalRequestLatency		Milliseconds	Sum	BucketName, FilterId
TotalRequestLatency		Count	Count	BucketName, FilterId
4xxErrors	The number of HTTP 4xx client error status code requests made to an Amazon S3 bucket with a value of either 0 or 1. The average statistic shows the error rate, and the sum statistic shows the count of that type of error, during each period.	Count	Multi	BucketName, FilterId
4xxErrors		Count	Sum	BucketName, FilterId
4xxErrors		Count	Count	BucketName, FilterId
5xxErrors	The number of HTTP 5xx server error status code requests made to an Amazon S3 bucket with a value of either 0 or 1. The average statistic shows the error rate, and the sum statistic shows the count of that type of error, during each period.	Count	Multi	BucketName, FilterId
5xxErrors		Count	Sum	BucketName, FilterId
5xxErrors		Count	Count	BucketName, FilterId