Troubleshoot AWS monitoring setup
Read below how you can troubleshoot issues regarding your Dynatrace deployment for AWS monitoring.
If you configure a proxy for an ActiveGate deployed on an EC2 instance, with an attached IAM role, you must ensure that you exempt the address used to access the instance metadata. The address to exempt is the IP address of the instance metadata service,
169.254.169.254. This address is always the same and does not depend on the instance.
In the appropriate section your ActiveGate communication settings, specify
proxy-non-proxy-hosts = 169.254.169.254.
1[http.client]2proxy-non-proxy-hosts = 169.254.169.254
You have two options:
Confirm that all ActiveGates that have AWS monitoring enabled can connect to AWS.
In case of role-based setup: Ensure that all ActiveGates that have AWS monitoring enabled have the
Choose one ActiveGate you want to monitor your AWS account with. Any ActiveGate type will work as long as it can connect to AWS. On that ActiveGate edit the
custom.propertiesfile and set the following property to
1[aws_monitoring]2aws_monitoring_enabled = true
On all the other ActiveGates, set the property to
*.amazonaws.com to your firewall's list of allowed domains.
An error might occur when attaching a role to an EC2 instance. In such cases, you can use
curl to retrieve the instance metadata to verify if the role is listed there. Use the following command:
If the attached role is still not listed in the instance metadata, it often helps to reattach it.
For more information, see Instance Metadata and User Data.
To monitor non-default AWS regions—Middle East (Bahrain), Africa (Cape Town), Asia Pacific (Hong Kong), Europe (Milan)—using role-based credentials, you need to modify the IAM STS settings in the AWS IAM console.
- In the AWS IAM console, go to Account settings.
- In Security Token Service (STS), select Edit to change Region compatibility of session tokens for
Global endpointto Valid in all AWS Regions.
- Select Save changes.
For information about differences between built-in services and other services, see Migrate from AWS built-in services to cloud services.