• Home
  • Dynatrace API
  • Configuration
  • AWS credentials
  • PUT credentials

AWS credentials API - PUT credentials

Updates an existing AWS credentials configuration. Check the connection status for these credentials after 10 minutes with the GET credentials request.

If a credentials configuration with the specified ID doesn’t exist, a new configuration is created.

The request consumes and produces an application/json payload.

PUTManagedDynatrace for Governmenthttps://{your-domain}/e/{your-environment-id}/api/config/v1/aws/credentials/{id}
SaaShttps://{your-environment-id}.live.dynatrace.com/api/config/v1/aws/credentials/{id}
Environment ActiveGatehttps://{your-activegate-domain}/e/{your-environment-id}/api/config/v1/aws/credentials/{id}

Authentication

To execute this request, you need an access token with WriteConfig scope.

To learn how to obtain and use it, see Tokens and authentication.

Parameters

ParameterTypeDescriptionInRequired
idstring

The ID of the AWS credentials configuration to be updated.

pathrequired
bodyAwsCredentialsConfig

The JSON body of the request. Contains updated parameters of the AWS credentials configuration.

bodyoptional

Request body objects

The AwsCredentialsConfig object

Configuration of an AWS credentials.

ElementTypeDescriptionRequired
metadataConfigurationMetadata

Metadata useful for debugging

optional
idstring

The unique ID of the credentials.

optional
connectionStatusstring

The status of the connection to the AWS environment.

  • CONNECTED: There was a connection within last 10 minutes.
  • DISCONNECTED: A problem occurred with establishing connection using these credentials. Check whether the data is correct.
  • UNINITIALIZED: The successful connection has never been established for these credentials.
The element can hold these values
  • CONNECTED
  • DISCONNECTED
  • UNINITIALIZED
optional
labelstring

The name of the credentials.

required
partitionTypestring

The type of the AWS partition.

The element can hold these values
  • AWS_CN
  • AWS_DEFAULT
  • AWS_US_GOV
required
authenticationDataAwsAuthenticationData

A credentials for the AWS authentication.

required
taggedOnlyboolean

Monitor only resources which have specified AWS tags (true) or all resources (false).

required
tagsToMonitorAwsConfigTag[]

A list of AWS tags to be monitored.

You can specify up to 10 tags.

Only applicable when the taggedOnly parameter is set to true.

required
supportingServicesToMonitorAwsSupportingServiceConfig[]

Deprecated. To manage services use /aws/credentials/{id}/services operation. Built-in services are not supported here.

A list of AWS services to be monitored. Available services are listed by /aws/supportedServices operation.

For each service, a list of metrics and dimensions can be specified. A list of supported metrics and dimensions for a given service can be checked in documentation.

List of metrics can be skipped (set to null), resulting in recommended (default) set of metrics and dimensions being chosen for monitoring.

optional

The ConfigurationMetadata object

Metadata useful for debugging

ElementTypeDescriptionRequired
configurationVersionsinteger[]

A sorted list of the version numbers of the configuration.

optional
currentConfigurationVersionsstring[]

A sorted list of version numbers of the configuration.

optional
clusterVersionstring

Dynatrace version.

optional

The AwsAuthenticationData object

A credentials for the AWS authentication.

ElementTypeDescriptionRequired
typestring

The type of the authentication: role-based or key-based.

The element can hold these values
  • KEYS
  • ROLE
required
keyBasedAuthenticationKeyBasedAuthentication

The credentials for the key-based authentication.

optional
roleBasedAuthenticationRoleBasedAuthentication

The credentials for the role-based authentication.

optional

The KeyBasedAuthentication object

The credentials for the key-based authentication.

ElementTypeDescriptionRequired
accessKeystring

The ID of the access key.

required
secretKeystring

The secret access key.

required

The RoleBasedAuthentication object

The credentials for the role-based authentication.

ElementTypeDescriptionRequired
iamRolestring

The IAM role to be used by Dynatrace to get monitoring data.

required
accountIdstring

The ID of the Amazon account.

required
externalIdstring

The external ID token for setting an IAM role.

You can obtain it with the GET /aws/iamExternalId request.

optional

The AwsConfigTag object

An AWS tag of the resource to be monitored.

ElementTypeDescriptionRequired
namestring

The key of the AWS tag.

required
valuestring

The value of the AWS tag.

required

The AwsSupportingServiceConfig object

A service to be monitored.

ElementTypeDescriptionRequired
namestring

The name of the service. Valid supported service names can be discovered using /aws/supportedServices restAPI

required
monitoredMetricsAwsSupportingServiceMetric[]

A list of metrics to be monitored for this service. If the list is null then recommended list of metrics for this service will be monitored.

optional

The AwsSupportingServiceMetric object

A metric of service to be monitored.

ElementTypeDescriptionRequired
namestring

The name of the metric of the service.

required
statisticstring

The statistic (aggregation) to be used for the metric. AVG_MIN_MAX value is 3 statistics at once: AVERAGE, MINIMUM and MAXIMUM

The element can hold these values
  • AVERAGE
  • AVG_MIN_MAX
  • MAXIMUM
  • MINIMUM
  • SAMPLE_COUNT
  • SUM
required
dimensionsstring[]

A list of metric's dimensions names.

required

Request body JSON model

This is a model of the request body, showing the possible elements. It has to be adjusted for usage in an actual request.

json
{
  "metadata": {
    "configurationVersions": [
      4,
      2
    ],
    "currentConfigurationVersions": [
      "1.0.4",
      "1.23"
    ],
    "clusterVersion": "1.192.1"
  },
  "id": "string",
  "connectionStatus": "CONNECTED",
  "label": "string",
  "partitionType": "AWS_CN",
  "authenticationData": {
    "type": "KEYS",
    "keyBasedAuthentication": {
      "accessKey": "string",
      "secretKey": "string"
    },
    "roleBasedAuthentication": {
      "iamRole": "string",
      "accountId": "string",
      "externalId": "string"
    }
  },
  "taggedOnly": true,
  "tagsToMonitor": [
    {
      "name": "string",
      "value": "string"
    }
  ],
  "supportingServicesToMonitor": [
    {
      "name": "string",
      "monitoredMetrics": [
        {
          "name": "string",
          "statistic": "AVERAGE",
          "dimensions": [
            "string"
          ]
        }
      ]
    }
  ]
}

Response

Response codes

CodeTypeDescription
201EntityShortRepresentation

Success. The new AWS credentials configuration has been created. The response body contains the ID of the configuration.

Check the connection status for these credentials after 10 minutes with the GET /aws/credentials/{id} request.

204

Success. The AWS credentials configuration has been updated. Response doesn't have a body.

Check the connection status for these credentials after 10 minutes with the GET /aws/credentials/{id} request.

400ErrorEnvelope

Failed. The input is invalid.

Response body objects

The EntityShortRepresentation object

The short representation of a Dynatrace entity.

ElementTypeDescription
idstring

The ID of the Dynatrace entity.

namestring

The name of the Dynatrace entity.

descriptionstring

A short description of the Dynatrace entity.

Response body JSON model

json
{
  "id": "6a98d7bc-abb9-44f8-ae6a-73e68e71812a",
  "name": "Dynatrace entity",
  "description": "Dynatrace entity for the REST API example"
}

GET the external ID token

Gets the external ID token for setting an IAM role.

The request produces an application/json payload.

GETManagedDynatrace for Governmenthttps://{your-domain}/e/{your-environment-id}/api/config/v1/aws/iamExternalId
SaaShttps://{your-environment-id}.live.dynatrace.com/api/config/v1/aws/iamExternalId
Environment ActiveGatehttps://{your-activegate-domain}/e/{your-environment-id}/api/config/v1/aws/iamExternalId

Authentication

To execute this request, you need an access token with ReadConfig scope.

To learn how to obtain and use it, see Tokens and authentication.

Response

Response codes

CodeTypeDescription
200AwsIamToken

Success

Response body objects

The AwsIamToken object

The external ID token for setting IAM Role in AWS.

ElementTypeDescription
tokenstring

The external ID token for setting IAM Role in AWS.

Response body JSON model

json
{
  "token": "string"
}

Validate payload

We recommend that you validate the payload before submitting it with an actual request. A response code of 204 indicates a valid payload.

The request consumes an application/json payload.

The request consumes an application/json payload.

POSTManagedDynatrace for Governmenthttps://{your-domain}/e/{your-environment-id}/api/config/v1/aws/credentials/{id}/validator
SaaShttps://{your-environment-id}.live.dynatrace.com/api/config/v1/aws/credentials/{id}/validator
Environment ActiveGatehttps://{your-activegate-domain}/e/{your-environment-id}/api/config/v1/aws/credentials/{id}/validator

Authentication

To execute this request, you need an access token with WriteConfig scope.

To learn how to obtain and use it, see Tokens and authentication.

Response

Response codes

CodeTypeDescription
204

Validated. The submitted configuration is valid. Response doesn't have a body.

400ErrorEnvelope

Failed. The input is invalid.

Related topics
  • Amazon Web Services Integrations

    Integrate Dynatrace on AWS