Amazon Simple Storage Service (Amazon S3) (built-in)

Dynatrace ingests metrics for multiple preselected namespaces, including Amazon Simple Storage Service (Amazon S3) (built-in). You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.

Prerequisites

To enable monitoring for this service, you need:

Any version of ActiveGate in both Dynatrace SaaS and Managed deployments.

For role-based access (whether in a SaaS or Managed deployment), you need an ActiveGate installed on an Amazon EC2 host.
An updated AWS monitoring policy to include the additional AWS services.
To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all cloud services.

1{
2  "Version": "2012-10-17",
3  "Statement": [
4    {
5      "Sid": "VisualEditor0",
6      "Effect": "Allow",
7      "Action": [
8        "acm-pca:ListCertificateAuthorities",
9        "apigateway:GET",
10        "apprunner:ListServices",
11        "appstream:DescribeFleets",
12        "appsync:ListGraphqlApis",
13        "athena:ListWorkGroups",
14        "autoscaling:DescribeAutoScalingGroups",
15        "cloudformation:ListStackResources",
16        "cloudfront:ListDistributions",
17        "cloudhsm:DescribeClusters",
18        "cloudsearch:DescribeDomains",
19        "cloudwatch:GetMetricData",
20        "cloudwatch:GetMetricStatistics",
21        "cloudwatch:ListMetrics",
22        "codebuild:ListProjects",
23        "datasync:ListTasks",
24        "dax:DescribeClusters",
25        "directconnect:DescribeConnections",
26        "dms:DescribeReplicationInstances",
27        "dynamodb:ListTables",
28        "dynamodb:ListTagsOfResource",
29        "ec2:DescribeAvailabilityZones",
30        "ec2:DescribeInstances",
31        "ec2:DescribeNatGateways",
32        "ec2:DescribeSpotFleetRequests",
33        "ec2:DescribeTransitGateways",
34        "ec2:DescribeVolumes",
35        "ec2:DescribeVpnConnections",
36        "ecs:ListClusters",
37        "eks:ListClusters",
38        "elasticache:DescribeCacheClusters",
39        "elasticbeanstalk:DescribeEnvironmentResources",
40        "elasticbeanstalk:DescribeEnvironments",
41        "elasticfilesystem:DescribeFileSystems",
42        "elasticloadbalancing:DescribeInstanceHealth",
43        "elasticloadbalancing:DescribeListeners",
44        "elasticloadbalancing:DescribeLoadBalancers",
45        "elasticloadbalancing:DescribeRules",
46        "elasticloadbalancing:DescribeTags",
47        "elasticloadbalancing:DescribeTargetHealth",
48        "elasticmapreduce:ListClusters",
49        "elastictranscoder:ListPipelines",
50        "es:ListDomainNames",
51        "events:ListEventBuses",
52        "firehose:ListDeliveryStreams",
53        "fsx:DescribeFileSystems",
54        "gamelift:ListFleets",
55        "glue:GetJobs",
56        "inspector:ListAssessmentTemplates",
57        "kafka:ListClusters",
58        "kinesis:ListStreams",
59        "kinesisanalytics:ListApplications",
60        "kinesisvideo:ListStreams",
61        "lambda:ListFunctions",
62        "lambda:ListTags",
63        "lex:GetBots",
64        "logs:DescribeLogGroups",
65        "mediaconnect:ListFlows",
66        "mediaconvert:DescribeEndpoints",
67        "mediapackage-vod:ListPackagingConfigurations",
68        "mediapackage:ListChannels",
69        "mediatailor:ListPlaybackConfigurations",
70        "opsworks:DescribeStacks",
71        "qldb:ListLedgers",
72        "rds:DescribeDBClusters",
73        "rds:DescribeDBInstances",
74        "rds:DescribeEvents",
75        "rds:ListTagsForResource",
76        "redshift:DescribeClusters",
77        "robomaker:ListSimulationJobs",
78        "route53:ListHostedZones",
79        "route53resolver:ListResolverEndpoints",
80        "s3:ListAllMyBuckets",
81        "sagemaker:ListEndpoints",
82        "sns:ListTopics",
83        "sqs:ListQueues",
84        "storagegateway:ListGateways",
85        "sts:GetCallerIdentity",
86        "swf:ListDomains",
87        "tag:GetResources",
88        "tag:GetTagKeys",
89        "transfer:ListServers",
90        "workmail:ListOrganizations",
91        "workspaces:DescribeWorkspaces"
92      ],
93      "Resource": "*"
94    }
95  ]
96}

If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for all services (All monitored Amazon services) and, for each cloud service, a list of optional permissions specific to that service.

Name	Additional permissions
AWS Certificate Manager Private Certificate Authority	"acm-pca:ListCertificateAuthorities"
All monitored Amazon services	"cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "sts:GetCallerIdentity", "tag:GetResources", "tag:GetTagKeys", "ec2:DescribeAvailabilityZones"
Amazon MQ
Amazon API Gateway	"apigateway:GET"
AWS App Runner	"apprunner:ListServices"
Amazon AppStream	"appstream:DescribeFleets"
AWS AppSync	"appsync:ListGraphqlApis"
Amazon Athena	"athena:ListWorkGroups"
Amazon Aurora	"rds:DescribeDBClusters"
Amazon EC2 Auto Scaling	"autoscaling:DescribeAutoScalingGroups"
Amazon EC2 Auto Scaling (built-in)	"autoscaling:DescribeAutoScalingGroups"
AWS Billing
Amazon Keyspaces
AWS Chatbot
Amazon CloudFront	"cloudfront:ListDistributions"
AWS CloudHSM	"cloudhsm:DescribeClusters"
Amazon CloudSearch	"cloudsearch:DescribeDomains"
AWS CodeBuild	"codebuild:ListProjects"
Amazon Cognito
Amazon Connect
Amazon Elastic Kubernetes Service (EKS)	"eks:ListClusters"
AWS DataSync	"datasync:ListTasks"
Amazon DynamoDB Accelerator (DAX)	"dax:DescribeClusters"
Amazon Database Migration Service	"dms:DescribeReplicationInstances"
Amazon DocumentDB	"rds:DescribeDBClusters"
AWS Direct Connect	"directconnect:DescribeConnections"
Amazon DynamoDB	"dynamodb:ListTables"
Amazon DynamoDB (built-in)	"dynamodb:ListTables", "dynamodb:ListTagsOfResource"
Amazon EBS	"ec2:DescribeVolumes"
Amazon EBS (built-in)	"ec2:DescribeVolumes"
Amazon EC2 API
Amazon EC2 (built-in)	"ec2:DescribeInstances"
Amazon EC2 Spot Fleet	"ec2:DescribeSpotFleetRequests"
Amazon Elastic Container Service (ECS)	"ecs:ListClusters"
Amazon ECS ContainerInsights	"ecs:ListClusters"
Amazon ElastiCache (EC)	"elasticache:DescribeCacheClusters"
AWS Elastic Beanstalk	"elasticbeanstalk:DescribeEnvironments"
Amazon Elastic File System (EFS)	"elasticfilesystem:DescribeFileSystems"
Amazon Elastic Inference
Amazon Elastic Map Reduce (EMR)	"elasticmapreduce:ListClusters"
Amazon Elasticsearch Service (ES)	"es:ListDomainNames"
Amazon Elastic Transcoder	"elastictranscoder:ListPipelines"
AWS Elastic Load Balancing (ELB) (built-in)	"elasticloadbalancing:DescribeInstanceHealth", "elasticloadbalancing:DescribeListeners", "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:DescribeRules", "elasticloadbalancing:DescribeTags", "elasticloadbalancing:DescribeTargetHealth"
Amazon EventBridge	"events:ListEventBuses"
Amazon FSx	"fsx:DescribeFileSystems"
Amazon GameLift	"gamelift:ListFleets"
AWS Glue	"glue:GetJobs"
Amazon Inspector	"inspector:ListAssessmentTemplates"
AWS Internet of Things (IoT)
AWS IoT Analytics
Amazon Managed Streaming for Kafka	"kafka:ListClusters"
Amazon Kinesis Data Analytics	"kinesisanalytics:ListApplications"
Amazon Kinesis Data Firehose	"firehose:ListDeliveryStreams"
Amazon Kinesis Data Streams	"kinesis:ListStreams"
Amazon Kinesis Video Streams	"kinesisvideo:ListStreams"
Amazon Lambda	"lambda:ListFunctions"
AWS Lambda (built-in)	"lambda:ListFunctions", "lambda:ListTags"
Amazon Lex	"lex:GetBots"
AWS Application and Network Load Balancer (built-in)	"elasticloadbalancing:DescribeInstanceHealth", "elasticloadbalancing:DescribeListeners", "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:DescribeRules", "elasticloadbalancing:DescribeTags", "elasticloadbalancing:DescribeTargetHealth"
Amazon CloudWatch Logs	"logs:DescribeLogGroups"
AWS Elemental MediaConnect	"mediaconnect:ListFlows"
Amazon MediaConvert	"mediaconvert:DescribeEndpoints"
Amazon MediaPackage Live	"mediapackage:ListChannels"
Amazon MediaPackage Video on Demand	"mediapackage-vod:ListPackagingConfigurations"
Amazon MediaTailor	"mediatailor:ListPlaybackConfigurations"
Amazon VPC NAT Gateways	"ec2:DescribeNatGateways"
Amazon Neptune	"rds:DescribeDBClusters"
AWS OpsWorks	"opsworks:DescribeStacks"
Amazon Polly
Amazon QLDB	"qldb:ListLedgers"
Amazon RDS	"rds:DescribeDBInstances"
Amazon RDS (built-in)	"rds:DescribeDBInstances", "rds:DescribeEvents", "rds:ListTagsForResource"
Amazon Redshift	"redshift:DescribeClusters"
Amazon Rekognition
AWS RoboMaker	"robomaker:ListSimulationJobs"
Amazon Route 53	"route53:ListHostedZones"
Amazon Route 53 Resolver	"route53resolver:ListResolverEndpoints"
Amazon S3	"s3:ListAllMyBuckets"
Amazon S3 (built-in)	"s3:ListAllMyBuckets"
Amazon SageMaker Batch Transform Jobs
Amazon SageMaker Endpoint Instances	"sagemaker:ListEndpoints"
Amazon SageMaker Endpoints	"sagemaker:ListEndpoints"
Amazon SageMaker Ground Truth
Amazon SageMaker Processing Jobs
Amazon SageMaker Training Jobs
AWS Service Catalog
Amazon Simple Email Service (SES)
Amazon Simple Notification Service (SNS)	"sns:ListTopics"
Amazon Simple Queue Service (SQS)	"sqs:ListQueues"
AWS Systems Manager - Run Command
AWS Step Functions
AWS Storage Gateway	"storagegateway:ListGateways"
Amazon SWF	"swf:ListDomains"
Amazon Textract
AWS IoT Things Graph
Amazon Transfer Family	"transfer:ListServers"
AWS Transit Gateway	"ec2:DescribeTransitGateways"
Amazon Translate
AWS Trusted Advisor
AWS API Usage
AWS Site-to-Site VPN	"ec2:DescribeVpnConnections"
Amazon WAF Classic
Amazon WAF
Amazon WorkMail	"workmail:ListOrganizations"
Amazon WorkSpaces	"workspaces:DescribeWorkspaces"

Example of JSON policy for one single service.

1{
2  "Version": "2012-10-17",
3  "Statement": [
4          {
5                  "Sid": "VisualEditor0",
6                  "Effect": "Allow",
7                  "Action": [
8                          "apigateway:GET",
9                          "cloudwatch:GetMetricData",
10                          "cloudwatch:GetMetricStatistics",
11                          "cloudwatch:ListMetrics",
12                          "sts:GetCallerIdentity",
13                          "tag:GetResources",
14                          "tag:GetTagKeys",
15                          "ec2:DescribeAvailabilityZones"
16                  ],
17                  "Resource": "*"
18          }
19      ]
20}

In this example, from the complete list of permissions you need to select

"apigateway:GET" for Amazon API Gateway
"cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "sts:GetCallerIdentity", "tag:GetResources", "tag:GetTagKeys", and "ec2:DescribeAvailabilityZones" for All monitored Amazon services.

To disable monitoring of built-in services you need:

ActiveGate version 1.245+, Dynatrace version 1.247+

Enable monitoring

To learn how to enable service monitoring, see Enable service monitoring.

Built-in services specifics

This is a built-in service. It's monitored out-of-the-box once a new AWS integration instance is created. For built-in services, all metrics are recommended (changing configuration is not possible).

Example of AWS built-in monitoring service

example of AWS builtin monitoring service

Available metrics

There are no metrics specific to Amazon Simple Storage Service (built-in), but Amazon S3 metrics can be obtained through the Amazon Simple Storage Service (non-built-in).