AWS CloudHSM (V2) monitoring

Dynatrace ingests metrics for multiple preselected namespaces, including AWS CloudHSM (V2). You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.


To enable monitoring for this service, you need

  • An Environment or Cluster ActiveGate version 1.197+
    Note: For role-based access (whether in a SaaS or Managed deployment), you need an Environment ActiveGate installed on an AWS EC2 host.
  • Dynatrace version 1.200+
  • An updated AWS monitoring policy to include the additional AWS services.

To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.

If you prefer to grant permissions only for certain services rather than for all of them, consult the table below. The table contains a set of permissions that are required for all services (All monitored Amazon services) and, for each supporting service, a list of optional permissions specific to that service.

Example of JSON policy for one single service.

In this example, from the complete list of permissions you need to select

  • "apigateway:GET" for Amazon API Gateway
  • "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "sts:GetCallerIdentity", "tag:GetResources", "tag:GetTagKeys", and "ec2:DescribeAvailabilityZones" for All monitored Amazon services.
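
As an added illustration (not part of the original Dynatrace page), the Python sketch below assembles the single-service policy from the two permission groups listed above and reports any actions in an existing policy that the selected services don't need. The Sid, the Resource value of "*", and the function names are assumptions; the page doesn't specify them.

```python
import json

# Permission groups exactly as listed on the page.
REQUIRED_FOR_ALL = [
    "cloudwatch:GetMetricData",
    "cloudwatch:GetMetricStatistics",
    "cloudwatch:ListMetrics",
    "sts:GetCallerIdentity",
    "tag:GetResources",
    "tag:GetTagKeys",
    "ec2:DescribeAvailabilityZones",
]
PER_SERVICE = {"Amazon API Gateway": ["apigateway:GET"]}


def build_policy(services):
    """Return an IAM policy document limited to the selected services."""
    actions = set(REQUIRED_FOR_ALL)
    for name in services:
        actions.update(PER_SERVICE[name])  # KeyError: no permission list known
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DynatraceMonitoring",  # assumed label, not from the page
            "Effect": "Allow",
            "Action": sorted(actions),
            "Resource": "*",  # assumption: the page gives no resource scope
        }],
    }


def excess_actions(policy, services):
    """List allowed actions in `policy` that the selected services don't need."""
    needed = set(build_policy(services)["Statement"][0]["Action"])
    statements = policy["Statement"]
    if isinstance(statements, dict):  # IAM also accepts a single statement object
        statements = [statements]
    extra = set()
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        acts = stmt.get("Action", [])
        acts = [acts] if isinstance(acts, str) else acts
        extra.update(a for a in acts if a not in needed)
    return sorted(extra)


if __name__ == "__main__":
    print(json.dumps(build_policy(["Amazon API Gateway"]), indent=2))
```

Running excess_actions against the policy currently attached to the monitoring role shows which grants can be dropped when only some services are monitored.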

Enable monitoring

To enable monitoring for this service, you first need to integrate Dynatrace with Amazon Web Services.

Add the service to monitoring

In order to view the service metrics, you must add the service to monitoring in your Dynatrace environment.

Cloud-service monitoring consumption

As of 2021, all cloud services consume Davis data units (DDUs). The amount of DDU consumption per service instance depends on the number of monitored metrics and their dimensions (each metric dimension results in the ingestion of 1 data point; 1 data point consumes 0.001 DDUs).

Monitor resources based on tags

You can choose to monitor resources based on existing AWS tags, as Dynatrace automatically imports them from service instances. Nevertheless, the transition from AWS to Dynatrace tagging isn't supported for all AWS services. Expand the table below to see which supporting services are filtered by tagging.

To monitor resources based on tags

  1. In the Dynatrace menu, go to Settings > Cloud and virtualization > AWS and select Edit for the desired AWS instance.
  2. For Resources to be monitored, select Monitor resources selected by tags.
  3. Enter the Key and Value.
  4. Select Save.

Configure service metrics

Once you add a service, Dynatrace starts automatically collecting a suite of metrics for this particular service. These are recommended metrics.

Recommended metrics:

  • Are enabled by default
  • Can't be disabled
  • Can have recommended dimensions (enabled by default, can't be disabled)
  • Can have optional dimensions (disabled by default, can be enabled)

Apart from the recommended metrics, most services let you enable optional metrics.

Optional metrics:

  • Can be added and configured manually

View service metrics

You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.

View metrics on the custom device overview page

To access the custom device overview page

  1. In the Dynatrace menu, go to Technologies and processes.
  2. Filter by service name and select the relevant custom device group.
  3. Once you select the custom device group, you're on the custom device group overview page.
  4. The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.

View metrics on your dashboard

After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.
Note: For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.

You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu and select Clone.
To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu and select Hide.
Note: Hiding a dashboard doesn't affect other users.

To check the availability of preset dashboards for each AWS service, see the list below.


Available metrics

| Name | Description | Unit | Statistics | Dimensions | Recommended |
|---|---|---|---|---|---|
| HsmUnhealthy | The HSM instance is not performing properly | None | Multi | ClusterId, HsmId | ✔️ |
| HsmUnhealthy | | None | Multi | ClusterId | ✔️ |
| HsmUnhealthy | | None | Multi | Region | ✔️ |
| HsmTemperature | Junction temperature of the hardware processor | None | Multi | ClusterId, HsmId | ✔️ |
| HsmTemperature | | None | Multi | ClusterId | ✔️ |
| HsmTemperature | | None | Multi | Region | |
| HsmKeysSessionOccupied | Number of session keys being used by the HSM instance | Count | Multi | ClusterId, HsmId | ✔️ |
| HsmKeysSessionOccupied | | Count | Multi | ClusterId | ✔️ |
| HsmKeysSessionOccupied | | Count | Multi | Region | ✔️ |
| HsmKeysTokenOccupied | Number of token keys being used by the HSM instance and the cluster | Count | Multi | ClusterId, HsmId | ✔️ |
| HsmKeysTokenOccupied | | Count | Multi | ClusterId | ✔️ |
| HsmKeysTokenOccupied | | Count | Multi | Region | ✔️ |
| HsmSslCtxsOccupied | Number of end-to-end encrypted channels currently established for the HSM instance | Count | Multi | ClusterId, HsmId | ✔️ |
| HsmSslCtxsOccupied | | Count | Multi | ClusterId | ✔️ |
| HsmSslCtxsOccupied | | Count | Multi | Region | |
| HsmSessionCount | Number of open connections to the HSM instance | Count | Multi | ClusterId, HsmId | ✔️ |
| HsmSessionCount | | Count | Multi | ClusterId | ✔️ |
| HsmSessionCount | | Count | Multi | Region | |
| HsmUsersAvailable | Number of additional users that can be created | Count | Multi | ClusterId, HsmId | ✔️ |
| HsmUsersAvailable | | Count | Multi | ClusterId | ✔️ |
| HsmUsersAvailable | | Count | Multi | Region | |
| HsmUsersMax | Maximum number of users that can be created on the HSM instance | Count | Maximum | ClusterId, HsmId | ✔️ |
| HsmUsersMax | | Count | Maximum | ClusterId | ✔️ |
| HsmUsersMax | | Count | Maximum | Region | |
| InterfaceEth2DroppedInput | Number of dropped packets on input | Count | Average | ClusterId, HsmId | |
| InterfaceEth2DroppedInput | | Count | Average | ClusterId | |
| InterfaceEth2DroppedInput | | Count | Average | Region | |
| InterfaceEth2ErrorsInput | Number of error packets on input | Count | Average | ClusterId, HsmId | |
| InterfaceEth2ErrorsInput | | Count | Average | ClusterId | |
| InterfaceEth2ErrorsInput | | Count | Average | Region | |
| InterfaceEth2OctetsInput | Cumulative sum of traffic to the HSM to date | Count | Average | ClusterId, HsmId | |
| InterfaceEth2OctetsInput | | Count | Average | ClusterId | |
| InterfaceEth2OctetsInput | | Count | Average | Region | |
| InterfaceEth2PacketsInput | Total number of packets on input | Count | Average | ClusterId, HsmId | |
| InterfaceEth2PacketsInput | | Count | Average | ClusterId | |
| InterfaceEth2PacketsInput | | Count | Average | Region | |
| InterfaceEth2DroppedOutput | Number of dropped packets on output | Count | Average | ClusterId, HsmId | |
| InterfaceEth2DroppedOutput | | Count | Average | ClusterId | |
| InterfaceEth2DroppedOutput | | Count | Average | Region | |
| InterfaceEth2ErrorsOutput | Number of error packets on output | Count | Average | ClusterId, HsmId | |
| InterfaceEth2ErrorsOutput | | Count | Average | ClusterId | |
| InterfaceEth2ErrorsOutput | | Count | Average | Region | |
| InterfaceEth2OctetsOutput | Cumulative sum of traffic from the HSM to date | Count | Average | ClusterId, HsmId | |
| InterfaceEth2OctetsOutput | | Count | Average | ClusterId | |
| InterfaceEth2OctetsOutput | | Count | Average | Region | |
| InterfaceEth2PacketsOutput | Total number of packets on output | Count | Average | ClusterId, HsmId | |
| InterfaceEth2PacketsOutput | | Count | Average | ClusterId | |
| InterfaceEth2PacketsOutput | | Count | Average | Region | |


CloudHSM Classic isn't supported.