Troubleshoot AWS monitoring setup
Read below how you can troubleshoot issues regarding your Dynatrace deployment for AWS monitoring.
If you configure a proxy for an ActiveGate deployed on an EC2 instance, with an attached IAM role, you must ensure that you exempt the address used to access the instance metadata. The address to exempt is the IP address of the instance metadata service, 169.254.169.254
. This address is always the same and does not depend on the instance.
In the appropriate section your ActiveGate communication settings, specify proxy-non-proxy-hosts = 169.254.169.254
.
For example:
1[http.client]2proxy-non-proxy-hosts = 169.254.169.254
You have two options:
-
Option 1.
Confirm that all ActiveGates that have AWS monitoring enabled can connect to AWS.
In case of role-based setup: Ensure that all ActiveGates that have AWS monitoring enabled have theActiveGate
role attached. -
Option 2.
Choose one ActiveGate you want to monitor your AWS account with. Any ActiveGate type will work as long as it can connect to AWS. On that ActiveGate edit thecustom.properties
file and set the following property totrue
:
1[aws_monitoring]2aws_monitoring_enabled = true
On all the other ActiveGates, set the property to false
.
Add *.amazonaws.com
to your firewall's list of allowed domains.
An error might occur when attaching a role to an EC2 instance. In such cases, you can use curl
to retrieve the instance metadata to verify if the role is listed there. Use the following command:
1curl http://169.254.169.254/latest/meta-data/iam/info
If the attached role is still not listed in the instance metadata, it often helps to reattach it.
For more information, see Instance Metadata and User Data.
To monitor non-default AWS regions—Middle East (Bahrain), Africa (Cape Town), Asia Pacific (Hong Kong), Europe (Milan)—using role-based credentials, you need to modify the IAM STS settings in the AWS IAM console.
- In the AWS IAM console, go to Account settings.
- In Security Token Service (STS), select Edit to change Region compatibility of session tokens for
Global endpoint
to Valid in all AWS Regions. - Select Save changes.
For information about differences between built-in services and other services, see Migrate from AWS built-in services to cloud services.